State & Local Government Cybersecurity Landscape
Cyber-attacks on government agencies are happening at an alarming rate. These attacks cost U.S. state and local governments millions of dollars in remediation and disrupt employee work and citizen services. Governments must be concerned about the loss of sensitive citizen, client and employee information, whether through a cyber event on a PC or unauthorized access to documents at the printer. According to a Verizon study, personal information is the top type of data lost in public sector breaches.The costs of such a breach can quickly escalate. One study estimates an organization will incur $2.2 million in costs for a data breach that involves less than 10,000 compromised records.
Several factors make government agencies easy targets. Budget constraints may require some agencies to use outdated computers that cannot support the security features needed to protect against current threats. Many agencies lack funding to develop, implement and manage robust security policies. And the mix of technologies in most government agencies make security management more challenging, which may inadvertently provide an opening for attacks.
Amajor source of security vulnerabilities lies in endpoints: the PC and Mobile device employees use to do the everyday work of government. Although an agency may not have full awareness of endpoint vulnerabilities, hackers
certainly do. As one example, a county IT director noted an increase of more than 300 percent in endpoint attacks at agencies across Washington state.
A lack of control or inability to monitor endpoints creates significant security risks and may lead to:
- Unauthorized people seeing sensitive information due to careless user actions
- Cybercriminals stealing data or holding computer files for ransom or blackmail
- An attack on critical agency systems through an endpoint’s network connection
Multiple factors contribute to these potential scenarios, but perhaps the most common is inadequate security settings and lack of proactive monitoring. Over time, infrequent monitoring and inconsistent installation of software patches can increase the risk of both PC, laptop and mobile devices.