The key drivers of public sector security risks
There are a number of circumstances that are significantly increasing the security risks of public sector entities. Lack of appropriate resources due to constrained budgets are hampering government IT organizations and makes meeting the demand from citizens for more expansive digital access particularly difficult.
The shift from a centrally controlled infrastructure to one that allows endpoint devices to indiscriminately download apps creating vulnerabilities that hackers can exploit is also a significant problem. Fragmented government structures that lead to agencies doing their own thing and the lack of clear lines of authority within governmental IT organizations leads to disparate systems and an easier footprint for cybercriminals to exploit.
Growing threats to public sector entities
The most pervasive recent threat to governments comes from ransomware – a malware that locks down systems until a payment is made. In 2019 alone, 174 municipalities were held hostage by hackers with the average ransom demand just over $1 million and some going as high as $5 million. Other serious threats facing the public sector include malware unleashed by an unwitting employee clicking on an unknown link, man-in-the-middle attacks that intercept information being sent through a website or via email, and SQL injection attacks that infiltrate data bases.
What can you do?
There are a number of security infrastructure frameworks that can help guide state and local government entities to increase their cybersecurity profile. One of the most popular is FedRAMP, a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services with the goal of protecting data of U.S. citizens in the cloud. Other resources include the National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and the Control Objectives for Information and Related Technologies (COBIT).
DynTek specializes in bringing secure, efficient, scalable technology solutions to the public sector. We hold a GSA Schedule 70 IT products and services contract along with over multiple state and local government contracts. To discover how DynTek can help you identify and protect against internal and external threats to your public sector IT infrastructure, systems, and data, read our White Paper, Public Sector Cybersecurity 2020: Bringing your security framework to life through best practices.
Ransomware vs cities in 2019: 174 and counting, Kaspersky web site, December 11, 2019.