“As the Biden administration’s first year in office moves into the rearview mirror, the political headwinds facing spending plans are mounting. However, while much of the spending inside the ‘Build Back Better’ legislative framework is proving to be politically divisive, one area which gets rare bipartisan support is the need to bolster our nation’s cybersecurity efforts. Based on the commitments outlined within the infrastructure bill and aspects of the Build Back Better Act, federal security spending will see a boost of almost $2.5 billion going forward.
With our nation’s federal agencies facing an increasingly existential threat from cyberattacks, this is fantastic news for Americans, but it does come with an important caveat. More spending does not necessarily equal better security. As they work to secure our nation’s digital infrastructure better, federal organizations must not waste billions of taxpayer dollars on reactive cybersecurity solutions that, in the private sector, have left many organizations with less security and more complex tools to manage...”
“While it is widely known that an immense quantity of private information is flowing into the hands of a small number of tech companies, the fact that a similar volume of equally personal information ends up in the hands of third parties, including cybercriminals, through data brokers, is less well recognized. Although there is a groundswell of legislation protecting individuals in some states and jurisdictions, federally speaking, [Personally Identifiable Information (PII)] receives scant protection. As a result, a multibillion-dollar industry has sprung up, known as data brokerage, to exploit the easy accessibility of Americans’ PII...”
“A data broker’s ideal customer is any organization looking to better target offers to customers, but unfortunately, brokers rarely vet or audit how the information they provide is used. As a result, nothing stops this information from being weaponized within social engineering scams or matched to information obtained on the dark web to crack passwords and gain direct malicious network access.
In response, federal organizations need to bolster data privacy among their staff and contractors, making PII security a priority through training and equipping staff with tools to reduce their PII exposure automatically...”
Source: How not to spend the new $2.5 billion cybersecurity budget – By Rob Shavell, March 29, 2022. Federal News Network.