State and local organizations are in the unenviable position of being a top target for cybercriminals. In the last year, 70 percent of state and local governments report experiencing at least one ransomware attack. The data they hold on citizens makes them a valuable target. The reality of thin security staff and budgets makes them an “easy” target. This issue is likely to compound as cybersecurity experts have measured ransomware growth at over 100% year over year.
In May 2023, a Russian-based cybercriminal ring exploited a flaw in MOVEit, a file transfer software used widely across government and private-sector organizations. The attack knocked services offline and put personally identifiable information at risk of being exposed if demands were not met. This breach had a larger effect on state and local organizations as they did not have the staff or protocols in place to identify they were at risk. The MOVEit application is often buried in other applications and projects so it was easy to overlook its presence and impact on systems.
The grim statistics and reality of the recent MOVEit attack have led to a concerted focus on supporting state and local organizations in improving cybersecurity posture with education, technology, and funding.
Teaching Cyber Hygiene
Ransomware attacks are not especially sophisticated. Most succeed because a very basic security principle was overlooked – a piece of software was not updated, an employee clicked on a phishing link in an email, or login credentials were stolen or hacked.
The federal government provides a wide variety of training resources and services to state and local entities to help educate IT and operational staff on the best proactive measures they can take to thwart cybercriminals.
One county praised the training it received from the Cybersecurity & Infrastructure Security Agency (CISA) for helping it respond to a ransomware attack that disrupted a 911 dispatch center. Tips that county officials picked up at CISA-led seminars helped them quickly initiate response and recovery. CISA also provided technical services to support the county’s recovery efforts. This included providing forensic and data-preservation tools to find the source of the ransomware infection that helped isolate it and provide a report for analysis within hours of the incident being detected.
Ensuring Technology Deployment
The state of Arizona is taking a novel approach to ensuring cities and counties have the cybersecurity tools it needs. A Cyber Command office is giving cloud-based security services to state and local agencies free of charge. Buying for a larger user base results in economies of scale and significant discounts on licenses and other fees.
While many states may consolidate security buys, they typically use charge-back methods, requiring local agencies to pay for the services. Arizona’s approach takes the long-term vision when it comes to savings. With 80 percent of state agencies using the platform, the number of critical vulnerabilities has dropped from 11,000 to less than 1,000 statewide. This tightening of security reduces the risk of major breaches, which can cost up to $9.4M to resolve. These savings far outweigh the fees the state would have collected if charging for security tools.
Federal Funding for State Security
As evidenced by a series of executive orders and mandates, the Biden administration is committed to improving the nation’s cybersecurity at all levels–federal, state, local, and private sector. As part of the 2022 National Security Strategy, The State and Local Cybersecurity Grant Program is providing $1 billion for state, local, and territorial governments over four years to combat cyberthreats.
Accompanying the funding is education on how best to use it, suggesting security best practices that should be implemented, such as instituting a resilience and recovery plan for use in the event of an attack, modernizing back-up procedures, implementing strong multifactor authentication, and more.
- Considerations for Cyber Disruptions in an Evolving 911 Environment (white paper) – The increased interconnectivity of Next Generation 911 (NG911) systems exposes new vectors for threats that can disrupt or disable the operations of emergency communications centers (ECC). This paper identifies examples of cybersecurity vulnerabilities and threats that can impact 911 systems. It also provides ECCs with considerations for engaging with partners to establish, update, and maintain Continuity of Operations plans to better prepare for cyber-disruption events in an evolving 911 environment.
- Baseline Cybersecurity Best Practices: An Overview for Success in Applying for the State and Local Cybersecurity Program (white paper) – Read about common baseline security best practices that organizations should implement to help better protect their infrastructure. Explore best practices with an overview of the requirements the Cybersecurity and Infrastructure Security Agency considers important when applying for the Infrastructure Investment and Jobs Act State and Local Cybersecurity Grant Program.
- #StopRansomware Guide (white paper) – Developed by the U.S. Joint Ransomware Task Force, this paper details ransomware and data extortion prevention best practices and provides a ransomware and data extortion response checklist.
- Avoiding Ransomware Checkmate (white paper) – Cybercriminals are increasingly launching ransomware attacks on state and local governments and educational institutions because they know they are profitable targets. Stopping hackers before they gain access to systems isn’t always possible, but with the right tools, they can be halted midgame before they can make ransom demands.
- The 2024 National K-12 Cybersecurity Leadership Conference (February 13-14, 2024; Savannah, GA) – This event is designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches.
- Cybersecurity Summit 2024 (February 27, 2024; Washington, DC) – Join top technology leaders from across the public sector as they discuss emerging topics in cybersecurity like ransomware, zero trust, global security and more.