The past year’s COVID-19 pandemic marked an unparalleled turning point that has completely changed the world as we know it. When businesses and organizations from many industries rushed to establish business continuity from home, hackers took full advantage of the remote work conditions that provided easy targets in unsecured environments. Although people are returning to the office and getting “back to normal,” the idea of evaluating the organization’s cybersecurity posture is becoming more prevalent. While cybersecurity has long been at the forefront for IT professionals, this has not necessarily been the case for many organizations. Because the rate of cyberattacks against state and local governments has increased considerably over the last year, lawmakers are now aiming to prioritize cybersecurity legislation.
Until recently, state and local governments have generally not focused on establishing cybersecurity best practices. Their priorities and limited budgets are spread thin. They either don’t have the funds to spend on improving cybersecurity infrastructure or don’t feel that it’s the main concern. Yet nearly every day, there is a steady stream of news about the latest hack, breach, or ransomware attack. Many municipalities are having difficulty keeping themselves safe because they are trying to do it on the cheap. They may be using outdated hardware and software or could have holes in their security posture. This is a persistent problem and will only get worse if it isn’t addressed.
Industries such as healthcare, finance, and legal have long-established compliance requirements to protect company data and personally identifiable information (PII). There are hefty fines and penalties for noncompliance, not to mention a damaged reputation. On the federal government side, the Cybersecurity Maturity Model Certification (CMMC) framework is currently being rolled out, which will require all U.S. Department of Defense (DoD) contractors to reach one of the five levels of compliance in order to be able to bid on contracts. Although such compliance measures are starting to gain more traction, municipalities seem to be falling short when it comes to establishing them.
The latest round of cyberattacks, ranging from the sizable SolarWinds breach down to attacks on small cities, like the one on a local water treatment plant in Florida, has had an impact on a number of government institutions, supply chains, and third parties. Such incidents have largely demonstrated how state, county, and municipal markets have become easy targets for cybercriminals.
Governments are now pushing for cybersecurity measures in the hope of preventing devastating data breaches and reducing the risk of ransomware. As a recent example, the Department of Energy kicked off a new initiative between government agencies and private industry to protect the U.S. power grid from cyberattacks. From awareness training and policies to forming task forces and preparedness, states are progressively proposing new legislation to improve cybersecurity infrastructure. As new laws and regulations come down the pipeline, local entities may not have a choice in whether they spend budget and resources on modernizing their security approaches. Even so, new mandates may also provide opportunities for additional funding.
On the managed security services side, increased regulations are going to result in a huge influx of work. There are several trending areas for improving state and local governments’ cybersecurity posture. The first is to establish regular user training. This may seem obvious, but because users are the first line of defense against hackers, it is one of the most important. Many breaches occur due to human error. When they receive education and cybersecurity awareness training, employees are more likely to keep endpoints secure – especially when working from home.
Another trend is the proliferation of advanced technologies that actively combat cyber threats. Many current compliance requirements only call for data logging through a traditional SIEM (Security Information and Event Management) solution. However, there are limitations to using only a SIEM. Organizations can get the data and evaluate it but aren’t able to act fast enough when there’s a data breach. Response time is crucial to reducing the amount of damage and downtime. With more regulations on the horizon, states and municipalities will see a growing need for Managed Detection and Response (MDR), which is a more efficient and effective way to see what is happening within the environment in real time, then take that information and immediately execute actions to stop a hacker as soon as they get into a network.
Finally, an increasing number of agencies and local governments are moving their data to the cloud, consolidating data centers to streamline application hosting and management. For those that haven’t moved to the cloud yet, there are frequent concerns over compliance with federal and state regulations. However, many of the cloud services actually do meet or exceed standards for data storage and government applications. As long as they are set up correctly and securely, cloud services are often more secure and reliable than traditional on-site servers.
As cybercriminals become more sophisticated, the technology that state, county, and municipal markets use needs to be able to keep up – at a minimum. Cyber threats against local governments will continue to escalate and the crisis will only persist if no action is taken. It is imperative, whether or not legislation is enacted, for governing authorities to be proactive, establish security protocols, and improve their cybersecurity posture.