Connecting state and local government leaders
COMMENTARY | By taking advantage of federal resources and leaning into autonomous technology and cybersecurity education, agencies can keep constituent data safe.
Cybercriminals are constantly searching for vulnerable targets. And with notoriously underfunded security budgets, state and local agencies are frequently in their crosshairs. In fact, 70% of state and local governments report experiencing at least one ransomware attack in the previous 12 months. With the immense amounts of sensitive data on both citizens and employees that governments hold—not to mention their role as key election stewards—this trend will continue.
But a trend is not destiny, and state and local agencies can reduce their exposure with three risk-averse, budget-friendly cybersecurity best practices that will help foster and maintain public trust by protecting sensitive data.
1. Leverage federal resources, especially during election cycles
Election security is more essential now than ever. The repercussions of a data leak or the appearance of a vulnerability during an election can damage public trust, so local leaders must make the most of any asset at their disposal to prepare now, ahead of election season.
To ensure a secure vote count, state and local governments should take advantage of resources from the Cybersecurity and Infrastructure Security Agency, a unit under the U.S. Department of Homeland Security. CISA has programs designed to review existing election processes and help election officials evaluate and manage risk and enhance cyber resiliency. Its information sharing services span across regions, making CISA a go-to resource. This support is particularly useful for underfunded regions where local governments do not have the means to bolster their security budgets ahead of elections.
CISA has also started offering state and local cybersecurity grants, which can alleviate budget woes for IT departments looking to boost cyber resilience with staffing and technology upgrades. Insufficient funding often stands in the way of innovation, so state and local leaders should take advantage of every opportunity available to increase their IT security budgets.
2. Stretch IT budgets with artificial intelligence-driven autonomous technology
State and local governments are stretched thin as they work to provide critical services for constituents, and their IT teams rarely have the budget to keep up with the latest data protection technology. Often short-staffed teams are handling massive amounts of sensitive data with limited technology to support them.
To maximize IT dollars, government leaders should consider AI-powered solutions, which can be implemented quickly to deliver better protection more efficiently. Examples include AI-enabled anomaly detection that warns staff of a potential breach or autonomous data management that automatically identifies sensitive information and applies appropriate resiliency and compliance policies to it. These technologies are becoming even more important as data is increasingly spread across hybrid on-premises and multicloud infrastructures.
Streamlining data protection with autonomous solutions often results in an outsized return on investment, a critical advantage in the event of a cyberattack.
3. Reduce vulnerability with education
Educating employees and enforcing security and compliance policies is critical, particularly in hybrid or remote work environments where workers feel a bit more relaxed. Annual cyber resiliency training for all staff helps ensure everyone can recognize and respond appropriately to security threats like phishing attempts that often lead to ransomware infiltration.
IT teams should also update their response plans for worst case scenarios and hold regular tabletop exercises to ensure all team members are prepared to activate at any time. Ransomware attacks are more likely to occur at inopportune moments like evenings and weekends, so combining autonomous data protection with employee preparation is the most cost-efficient way to ensure data stays safe.
The threat to state and local agencies is unlikely to go away anytime soon. The enormous responsibility government has means prioritizing data protection and preparing before a data crisis. By tapping into all available resources, strategic implementation of autonomous technology and vigilance combined with education, even tight-staffed state and local government IT departments can deliver the data resiliency constituents need and deserve.
Joye Purser is the global cybersecurity field lead at Veritas.