(www.washingtonpost.com)
Bad actors could also try to guess the passwords of locked devices, which could be successful if the device lacked a strong password, Moussouris says. Anything more intensive, such as breaking into an iPhone, probably would require a third party. The government normally keeps its most sensitive classified information in separate spaces called sensitive compartmented information facilities.
That's why the extent to which the mob posed a security risk to Congress depends on the expertise of the rioters, Moussouris said. Most, she guessed, are “not exactly cybercriminals.”
But taking a laptop would give the thief more time to crack into the computer – or even potentially take to a professional to crack into.
House IT officials did not respond for comment about steps they're taking to secure exposed devices. Important practices that all organizations should implement include having multi-factor password protection and a centralized mechanism to wipe devices of data, Moussouris told me.
I have to feel for those IT and cybersecurity staff in the Capitol now that they have gigantic tasks ahead of them by having to rebuild the entire infrastructure and replacing hardware from scratch. :(
Riot in the Capitol is a nightmare scenario for cybersecurity professionals