Enforce Cyber Hygiene and Look to Multifactor Authentication
With ransomware a persistent threat to agencies and phishing a common method of installing ransomware, IT officials should turn purchase defenses against these attacks if they have not already. Multifactor authentication is a critical way to stop hacks against government systems before they begin, and instituting an MFA system is a critical step for agencies that do not yet have one.
According to Dark Reading, agencies should seek data analytics solutions if they lack them. Security information and event management technology and security orchestration, automation and response solutions would be good bets for spending federal grant money, as they gather information to inform agencies about likely threats. Local governments in particular should work hard on their basic cyber hygiene.
“Most incidents could have been prevented had security basics been done properly — identifying vulnerabilities, patching systems, using multifactor authentication for external access and using appropriate tools to detect unusual activity,” Chris Yule, director of the Secureworks Counter Threat Unit, tells Dark Reading.
LEARN ABOUT: The keys to countering cyberattacks against state and local agencies.
Forge Working Relationships with Security Operations Centers
In a recent webinar produced by FedInsider, panelists called for strengthening connections between state and local governments and suggested building joint security operations centers (SOCs) to do so while enhancing cybersecurity capacity.
Laine Cavazos, national state, local and education practice manager for Rubrik Public Sector, endorsed the idea of building out regional SOCs, as Texas is currently doing. “I see some other states that have regional SOC requests for proposals on the streets right now. Those would lay the groundwork for what could be delivered on a larger scale after the funding for the infrastructure money comes through.
Alaska CISO Chris Letterman agreed. “One of the ways that Alaska is exploring that concept is there is this idea of a joint cybersecurity operations center that’s being pioneered out of North Dakota, and a few other western states are involved in this thing.”
When it comes to basics, “Focus on getting a basic set of services in place, such as stock monitoring, detection, patch management and incident response plans, and then take it up a level with next steps, like two-factor authentication, vulnerability assessments, etc.,” Cavazos advised.
“Michigan’s CIO, Laura Clark, mentioned doing cyber assessments by county in Michigan to qualify them for funding once guidance is available, because you really have to understand where everybody is at and what you can do to best help them, as every county is going to have different levels of incomes and maturities,” she added.
This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.