In this blog series, we’ve been talking about government IT as being on a journey, a road trip. And that analogy works for discussing cybersecurity. If some good can come from the recent global ransomware attack, I am hoping it provides a wakeup call for cybersecurity efforts in state and local government. While the dust continues to settle from this latest hack, we cannot lose sight of the fact that another one is somewhere down the road… and another after that.
Anyone who has taken a cross country trip knows that you should not drive when you’re exhausted. But, how many of us have been shocked awake at the wheel when our heads give in to gravity’s pull or snap awake when our tires hit the warning ridges embedded in the road’s shoulder? Luckily, most of us wake up, take control and do what we know we should do in these circumstances.
Cybersecurity can fall into this gap between knowledge and action.
We know we have to be vigilant over cybersecurity. But, it’s not clear that we have acted on that knowledge as consistentaly as we should. Data we compiled with the Government Business Council suggests that a gap between knowledge and action exists. Of those surveyed, 77 percent agreed that cybersecurity is a high priority. But, 41 percent did not think they were prepared and 13 percent were simply not sure.
Confessing this gap exists is actually a step toward taking action. Facing the problem is not the only obstacle. In that same research, 67 percent of those who thought state and local governments are “vulnerable” cited budget constraints as the number one concern. A lack of in-house resources came in a strong second and the lack of unified or coordinated policies across agencies and jurisdictions made up much of the rest of the top concerns.
These are real problems. But, as we say in government, never let a crisis go to waste. Now is the time to advocate, while the sting of the headlines is still fresh.
Having a strategy can help overcome barriers to getting the funding. At CenturyLink, we believe that maximizing the impact of limited budgets requires a thorough examination of what really needs to be secured. The truth is that protecting everything equally is a fast track to spreading limited resources very thin. What are your crown jewels, the things that crooks really want? Social Security numbers? Tax records? Overwhelm those assets with cybersecurity resources and build your strategy from there.
Cybersecurity involves lots of technology of course. We design layers of security for many customers involving firewalls, analytics and a host of other services. But, the last thing I’ll point out here is that the human side of cybersecurity is easy to overlook. Once you know your most valuable resources, mapping out who has access to them and asking whether all those people really need access can limit your exposure. That’s not because your people can’t be trusted. It’s because the crooks are targeting people as well as systems. They conduct phishing exercises and even set simple traps like leaving infected flash drives where they can be found and used by people who thought they got a free bit of portable storage. Limiting access to the crown jewels can reduce the exposure from well-meaning people who click on the wrong thing. We do these audits all the time as part of our security consulting and planning services and people find them eye opening. I bet you will, too.
Approach this latest bout of cyber terrorism as a wakeup call. Remind people that the next cyberattacks is just around the next corner. Get ready now, so you can have a safer journey.
If you’re interested in learning more about cybersecurity strategy, talk to one of our experts. We’ll share best practices and most cost effective ways to keep your mission-critical data secure and available.
Call now while the headlines are still fresh in the minds of the people controlling your budget.