Recent and well publicized cyber attacks are damaging, costly, and have the potential to deprive communities of essential services, but stopping them poses significant challenges.
Local government CISOs and IT departments face pressures from all sides: on the one hand, citizens are demanding digital services and frictionless online experiences, but on the other, government leaders want to reduce risk within the IT infrastructure, and face increasingly stringent data security compliance requirements. Moreover, limited budgets are always a reality.
Today’s cybercriminals are savvy and well aware that local governments hold massive amounts of data. They’re readily equipped to exploit that data’s value, whether by selling it on the dark web, or through extortionary tactics like ransomware attacks.
As local governments and municipalities are called upon to deliver services more efficiently, they’re quickly expanding their technology infrastructures and the number of services they offer online. This means that their IT environments are growing rapidly and their complexity is skyrocketing. It also means that governments are collecting, storing, and transmitting ever-increasing amounts of sensitive data from their citizens.
Growing Cybersecurity Challenges
With these increasing services comes infrastructure sprawl and complexity. Many local governments now offer services via mobile or web applications, and a growing percentage of government organizations are turning to cloud-enabled storage or computing solutions. But, this IT modernization brings challenges: IT infrastructures are increasingly distributed and heterogeneous, and attack surfaces correspondingly larger. At the same time, IT departments struggle to maintain visibility and control in these diverse environments.
In many ways, this creates the perfect storm for adversaries, and local governments’ capacities for defense, response, and remediation are not always growing to keep pace with the size of the threat, due to some key challenges:
Breaking Down SilosThe agencies and departments comprising local governments often have highly-segregated organizational structures. This can make it difficult to develop centralized and consistent cybersecurity programs and standards, and implement them throughout the whole of the organization. Simply put, silos don’t lend themselves to efficient collaboration. But stakeholders throughout all parts and segments of local government organizations must come together in support of a stronger cybersecurity posture—including greater awareness of the problem and better employee education—if there is to be real change.