Security

NACo Adds Risk Ratings Tool to Its Community Portal

SecurityScorecard makes it easier for counties to monitor their security posture.

Michael Hickey is an Editor at Manifest.

The National Association of Counties, in partnership with global cybersecurity ratings provider SecurityScorecard, introduced a cybersecurity risk evaluation tool to its members not long ago. In doing so, NACo gave county governments a way to more easily monitor risk and improve their security.

After piloting SecurityScorecard in 38 counties, NACo made the platform available through its Tech Xchange online portal, which provides technology infrastructure resources to county CIOs, IT directors, CISOs and other county IT leaders.

“Working with SecurityScorecard will enable us to improve the overall health of county networks and provide immediate access to information about cyber threats and risks, not only for county networks but also for third-party partners,” says NACo CIO Rita Reynolds. “This expansive approach offers sophisticated, real-time data that enhances counties’ capacity to monitor and protect critical assets.”

Click the banner below to receive customized insights as an Insider.

Counties Receive Risk Analysis for Better Cybersecurity

SecurityScorecard’s ratings analyze the security posture of an organization. An agency’s Total Score consists of a number and a letter grade, from A (100) to F (0), and is a weighted average of 10 Factor Scores, which group and describe different aspects of cyber risk. SecurityScorecard dives deeper into its methodology on its website.

The 10 Factor Scores allow organizations to see the vulnerability in specific parts of their security architecture. This includes application security, Domain Name System health, endpoint security, network security, asset management and IP reputation.

SecurityScorecard’s ratings are dynamic and change over time. The company constantly scans its customers’ networks after giving them an initial score so the customers know where they stand in the present. Customers can also get alerts when the score changes.

LEARN MORE: The role of FITARA scorecards in IT modernization efforts.

NACo’s Partnership Yields Results for Local Government Security

Since the partnership began in July, SecurityScorecard has helped counties uncover security risks and vulnerabilities. In a webinar in October with NACo, SecurityScorecard staff threat researcher Robert Ames outlined a recent ransomware attack against a county government. SecurityScorecard used its Attack Surface Intelligence to determine that bad actors targeted IP addresses that were running vulnerable SSH software and had port 22 open.

During the SecurityScorecard pilot period, from March to May, participating counties uncovered security risks and subdomain issues that needed to be addressed, according to NACo’s Reynolds. By the end of the pilot, the counties’ overall scores had improved almost across the board.

“When you look at our workloads, even when we have dedicated IT security, it’s really hard to keep up with all of these different threats,” Reynolds said in the webinar. “The automation part of it is what saves a ton of time, as long as you still have human intervention to be reading and watching it.”

EXPLORE: What local governments need from federal cybersecurity grants.

How SecurityScorecard Can Bolster Security Across Government

Through its partnership with NACo, SecurityScorecard boosts its growing presence in the public sector. Recently, SecurityScorecard increased its work with congressional committees, federal and state agencies, and local authorities.

SecurityScorecard “meets regularly with government agencies for policy and operational collaboration, including threat intelligence briefings for major government agencies,” according to a press release from the organization.

Rowan Jordan/Getty Images