DHS Can Better Mitigate the Risks Associated with Malware, Ransomware, and Phishing Attacks

View Report

Date Issued

Monday, August 22, 2022

Submitting OIG

Department of Homeland Security OIG

Other Participating OIGs

Department of Homeland Security OIG

Agencies Reviewed/Investigated

Department of Homeland Security

Report Number

OIG-22-62

Report Description

In recent years, several Department of Homeland Security (DHS) components have been victims of cyberattacks. To protect its sensitive information from potential exploitation, DHS implements multiple layers of defense against malware, ransomware, and phishing attacks.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend the DHS Chief Information Officer (CIO) update policies and procedures to implement National Institute of Standards and Technology standards to facilitate recovery from an adverse event and maintain operations during malware, ransomware, and phishing attacks.
3	No	$0	$0
We recommend the CBP CIO ensure all users complete initial and annual refresher security awareness training as required and document, monitor, and retain individual cybersecurity awareness training records.
4	No	$0	$0
We recommend the DHS HQ CIO ensure all users complete initial and annual refresher security awareness training as required and document, monitor, and retain individual cybersecurity awareness training records.