Jul 14 2020

Make the Case for Security Spending

Many priorities compete for limited IT budget. Improving communication between IT and governments leaders can help ensure security gets what it needs.

Although no state and local government was fully prepared to shift to all-hands teleworking earlier this year, agencies made it happen. They invested heavily in laptops and cloud services to boost the capabilities of a newly remote workforce.

Still, with the change in work environments and tools came familiar cybersecurity threats. State CIOs reported continued ransomware attacks hiding behind phishing emails crafted to reference the national emergency or purchase orders. 

Research from CDW and IDG indicates that at the start of 2020, security fell behind other priorities such as modernizing IT and improving collaboration for state and local agencies; government leaders anticipated spending only 23 percent of their budgets on mitigating risk over the next two years. But the added vulnerabilities created by telework may cause agencies to revisit those plans. 

Opening the Dialogue on Security Technology Investmentsialogue

As they meet to discuss security funding, IT and government leaders should first take the time to unite around a common understanding of the agency’s risk posture, as well as its security needs, goals and challenges. The recent surge in phishing attacks makes realignment in this area crucial to achieving buy-in for additional defenses. It also highlights the need for a more comprehensive approach to reducing risk — one that encompasses people, processes and technologies.

Hacking a government network can begin innocently with a user clicking on an email link, whether they’re sitting in an office or at home. Security tactics shouldn’t be so rigid that they must change substantively depending on a worker’s location. Instead, they must consider the people involved and how to best equip them to mitigate risk.

That’s likely why so many government leaders surveyed by CDW and IDG are considering investing in added email security solutions. It also explains why agencies rightly emphasize the human aspect of security.

By providing awareness training and creating policies that keep the agency’s broader mission in mind, IT teams combat threats without impeding delivery of citizen services. Communicating that approach and value to government leaders is key to gaining support for security initiatives and getting ahead of today’s growing risks.