When cybercriminals attacked Atlanta’s information security systems with ransomware last year, much of the city’s services were offline for a week. Days later, a different cyberattack took down Baltimore’s 911 and 311 systems for 17 hours. The Colorado Department of Transportation also was attacked, as was the San Diego public school system.
In the battleground of cyberwarfare, state and local governments find themselves on the front lines, trying to defend against rising attacks that are increasingly sophisticated and always changing. Chronically underfunded and short-staffed, states and municipalities report that they often don’t know when their systems are breached, missing opportunities to thwart attacks.
In 2017, nearly half of states didn’t maintain a separate budget for cybersecurity, and funding for cyber remained flat for at least two years in one third of states, according to a 2018 report from the National Association of State Chief Information Officers. The report advised “bold action” for better cybersecurity to include partnerships with industry.
In 2018, almost every sensor-enabled endpoint — everything from traffic lights to surveillance cameras to trash trucks and ambulances that drive the Internet of Things — were found to be vulnerable to attacks, according to Symantec’s annual “Internet Security Threat Report.” Additionally, the report found high risks associated with the cloud, where more than 70 million records were stolen or leaked from poorly configured S3 cloud storage buckets.
This is all to say that state and local agencies face an unprecedented threat environment, one in which they must fight with limited resources and budget. So, how can they navigate this current landscape to better protect citizen data and privacy?
How Managed Security Services Enhance Agencies’ Cybersecurity
To keep up with today’s constantly evolving threats, many agencies are turning to a managed security services (MSS) approach, allowing private sector cybersecurity experts with industry and regional expertise to act as an extension of the state and local IT security teams. By having the industry partner focus on real-time monitoring, threat prevention and response, government IT workers can focus not only on the daily operations that must take place but on how they are serving their constituents in this digital era.
MSS changes the cyber equation by building an advanced threat detection system with 24/7/365 monitoring, powered by global threat intelligence and hundreds of cyber experts monitoring millions of endpoints and attack sensors across on-premises and cloud environments.
With the increased transition to the cloud, stealthier attacks and the wealth of data that is driving IoT, many agencies are outsourcing this service to free up government staff to focus more on IT strategies and less on cybersecurity tactics.
The MSS approach enables agencies to strengthen their cyber posture while maximizing security spend and augmenting in-house security staff when budgets are tight and the ability to find and hire talent is difficult. Because MSS is service-based, it shifts spending from capital to operational expenditures, providing a consistent cost structure to help agencies manage cyber budgets more effectively.
MSS Helps Nevada Address Threats Across a Wide Range of Agencies
In the state of Nevada, IT leaders were challenged with trying to overcome the unique challenges of designing security programs broad enough to address control sets from myriad regulations while securing a wide range of data types and supporting the business processes of dozens of agencies. These are issues faced by most state governments.
Nevada’s answer has been a decentralized security model that empowers agencies to operate independently, but with a layered security approach of outside experts to give enterprisewide detection capabilities. This has created collaborative partnerships through which agencies can more easily become aware of broad threats while getting customized expertise on more specific problems.
Also, the MSS approach ensures that agencies stay up to date on security audits and maintenance, freeing staff to focus on the more inherent aspects of governing.
States, cities and counties are finding out the hard way that they can’t hire or train their way into adequate cybersecurity, which requires 24/7 oversight — the funding is just not there. The answer is in the collaborative partnerships and layered security approach of managed security services.