The Cybersecurity Challenges Facing State and Local Governments

IT departments are focused like never before on keeping their networks and data secure, but they face several critical challenges, says Paul Lipman

Organized criminals, hacktivists, and state-sponsored agents are launching constant, high-profile attacks against commercial organizations, government entities and even critical public infrastructure. This has raised awareness of cybersecurity and created a heightened sense of urgency, as organizations seek to protect their valuable data from theft and distribution on the black market.

Intellectual property, trade secrets, and contract negotiations are lucrative targets for cyber-criminals, with the potential to bring organizations or even industries to their knees. Personal data stolen from companies can be leveraged in devastating identity theft attacks against innocent citizens.

IT departments are therefore focused like never before on keeping their networks and data secure, but they face several critical challenges:

Threats on the Rise

iSheriff is seeing rapid growth in the number of threats. We have seen more than a quarter of a million ransomware variants over the past year, with as many as 60,000 new variants in a single day.

Ransomware acts like a trawling net – casting broadly to snare as large a number of victims as possible in one attempt. These threats have become increasingly complex, conducted over multiple threat vectors in combination.

At the other end of the spectrum are targeted threats, designed to attack a specific organization or even a specific individual. Unlike a typical malware-based infection, targeted attacks are very difficult to block with traditional security products.

Insufficient Funds

The typical state or local government agency spends less than 5% of its IT budget on cybersecurity, compared to over 10% in the typical commercial enterprise. If we bear in mind that some of the world’s most prominent enterprises have been successfully hacked, and that government agencies are faced with precisely the same security challenges, it is alarmingly clear that state and local agencies’ efforts are woefully underfunded.

"Agencies are universally short on expertise. They need a solution that is simple to set up, run and monitor"

In addition to budgetary concerns, government agencies are faced with a security staffing and know-how problem. Given the rapid growth in cyber-threats over the last few years, and the increasing corporate focus, demand has created a substantial premium on security skills. Public sector organizations are hard-pressed to compete for talent, given the wide disparity in compensation levels.

Lack of Visibility and Control

One of the unfortunate by-products of the proliferation of security point products within the IT environment is an avalanche of security events and alerts, causing the problem of alert overload. Managing security through alerts has been described as analogous to driving a car down a busy highway at night by looking through a frosted rear-view mirror: it is not only misleading, but is ultimately likely to end in disaster for all involved.

Regulations and Compliance

Federal and state government agencies have introduced an array of new regulations in an effort to enforce better levels of protection for citizen data, and greater transparency when breaches occur. These include the FBI, IRS, HIPAA, OCSE, FSSA and the NIST Cybersecurity Framework. For small IT organizations with limited security expertise, enforcing compliance can be an onerous level of additional overhead.

The Need for Better Solutions

The benefits of more secure government agencies – from the corner post office to the DoD – are multifaceted. Defending our essential infrastructure and government services, our intellectual property, and our citizens’ safety is paramount to preserving our way of life. The risks created by improperly protected government assets are enormous, urgent and mounting.  

Traditional, perimeter-focused security approaches are no longer sufficient or practical. Especially at the local and state level, IT teams do not have the resources to address each threat vector in isolation. Scalable, cloud-based solutions help teams maximize their financial and staff resources, delivering higher value and better protection from limited budgets.

Unable to compete with enterprise IT salaries, agencies are universally short on expertise. They need a solution that is simple to set up, run and monitor, with a ‘single pane of glass’ view across the network.

Enhancing the simplicity of solutions leaves more time to address the complexity of threats. Instead of wrangling with software and hardware, cybersecurity defenders must be free to focus on managing risk and response.

About the Author

Paul Lipman is the CEO of iSheriff. He brings to the role more than two decades of executive and operational leadership experience at software, services and e-commerce companies.

What’s Hot on Infosecurity Magazine?