Security

Good Cyber Hygiene Keeps State and Local Agencies a Step Ahead

CDW’s research emphasizes that results look very similar across public and private sectors.

Twitter

Ryan Petersen has worked in publishing for more than two decades, most of it spent creating award-winning content and strategy for CDW’s family of tech magazine brands. As editor-in-chief, he works with his team to develop compelling and useful industry-focused stories to share with the technology world. Outside of work, Ryan enjoys spending time with his children, traveling, online gaming, and following Iowa Hawkeye sports and Cubs baseball.

Cyber resilience is the capability of any organization to weather and recover from a cyberattack with the goal of minimum disruption to daily business. Government agencies often face funding challenges to obtaining a desirable level of cyber resilience, but all organizations may experience similar budget crunches. In fact, in a recent propriety research report, CDW concludes that cybersecurity challenges look very similar in the public and private sectors.

In an exclusive interview, New Orleans CIO Kimberly LaGrue tells StateTech, “Cyber resilience is truly born out of having plans.” As the CDW research report notes, “cyber hygiene is a relatively simple way to bolster resilience.” Stephanie Hagopian, vice president of security for CDW, identifies some steps in cyber hygiene as “basic preventive measures you can take, such as stronger credential management, basic email protection from spam or phishing attempts, and keeping systems patched and firmware updated.”

Across all verticals, these actions could prevent most cybersecurity incidents, Hagopian says.

Click the banner below to review an exclusive report about cybersecurity.

Resilience Against Ransomware

When looking at local government specifically, mitigating ransomware attacks often is the top goal of boosting cyber resilience. In 2019, New Orleans and Lodi, Calif., both suffered ransomware attacks, and they both learned a great deal about resilience in the aftermath of those attacks. The FBI reports that $12.5 billion was lost to ransomware attacks in the U.S. alone in 2023.

In its 2024 report on ransomware, Sophos observed that state and local governments have increased their resilience to attacks in the past year. Among various industries, state and local governments saw the “lowest frequency of attack,” with 34 percent hit by ransomware in 2023. But agencies reported “the highest rate of data encryption” after an attack, with 98 percent of attacks encrypting data, according to Sophos.

Ransomware attacks targeting state and local governments may be down in Sophos’ survey partly because governments are limited as to what they can pay bad actors. But the consequences of a successful attack still remain serious. In addition to primary systems, aggressive attacks have attempted to damage backup systems as well, Sophos notes. This reality reminds officials not to rely too heavily on one solution, and that a holistic approach to cyber resilience wins the day.

alvarez/Getty Images