Their systems are probably wildly outdated, a monstrous mix-and-match of tech, stuff like that. A private corporation is easier to lock down. With government they have to follow dozens of outdated laws and guidelines, don’t have the freedom private enterprise has.
To categorically prevent that, every computer would need to centrally controlled and managed, which might have been the case here, and the system configuration has to prevent all software that’s not pre-approved from running.
That’s possible too, but could be a pain to tightly manage. It was a privileged user that was spear phished though… the kind of trusted user who might be able to install software on their machine without additional approval.
“a state employee mistakenly downloaded a malware-laced tool from a spoofed website”
Why is any randomly downloaded software running on government computers to begin with? Why aren’t these systems and networks locked down better?
Their systems are probably wildly outdated, a monstrous mix-and-match of tech, stuff like that. A private corporation is easier to lock down. With government they have to follow dozens of outdated laws and guidelines, don’t have the freedom private enterprise has.
To categorically prevent that, every computer would need to centrally controlled and managed, which might have been the case here, and the system configuration has to prevent all software that’s not pre-approved from running.
That’s possible too, but could be a pain to tightly manage. It was a privileged user that was spear phished though… the kind of trusted user who might be able to install software on their machine without additional approval.