Information Services Group (ISG) recently released a report on how the U.S. public sector is strengthening cybersecurity measures. The report finds that state, local and educational (SLED) organizations, despite having lower profiles than the federal government, are still in significant danger. In 2022, ransomware attacks, among the most common threats, declined in number but grew more sophisticated, the report says. Local governments that suffered security breaches faced an average of five months of downtime.

In addition to increasingly advanced ransomware operations, which have forced agencies to strengthen data backup and recovery, SLED organizations face ongoing threats from internal errors and sabotage, while rapid cloud migration requires them to implement new protection measures, the report says.

A growing number of U.S. public entities are responding to new dangers by implementing zero trust frameworks for protecting data and IT assets, according to the report. U.S. government organizations face particular difficulties assigning ownership of cybersecurity, the report says. Each agency’s structure tends to be different from others, but there is a common need for agency leaders to take responsibility for cybersecurity investments and outcomes, which can affect both internal and constituents’ data, even in agencies that have a chief information security officer (CISO).

Access the full report here