Top of Mind Cybersecurity Trends for State & Local Leaders in 2020
Government services are increasingly at risk by the new technologies that enable them. Sophisticated cybercriminals, hackers, and malicious actors now attack state and local government technology systems daily and seek to inflict financial, reputational, and physical damages to their targets. By nature of their large organizational structures, limited budgets, and complex political landscapes, government IT departments face a myriad of challenges in responding to these threats. Guidehouse identifies 10 key trends in cybersecurity that should be at the top of every state and local government CISO’s mind for 2020 as they decide how best to lower their security risk profile.
Gone are the days when random hackers or teenagers running code in their basements posed the greatest cybersecurity threats. Now, state and local governments are top targets of well-funded professional cyber criminals. Using various means to debilitate business processes, steal public records or data, and extort unprepared organizations for ransom, cases abound of governments being caught unprepared or ill-equipped to respond and recover from a cyberattack. For example, in March 2018, the City of Atlanta was paralyzed by a hack that held the city hostage.1 The Atlanta Municipal Court could not validate warrants and police reports had to be done by hand for almost a week. One month later, the Colorado Department of Transportation was impacted by a similar attack, seriously limiting the agency’s functionality and costing over $1M in damages to its system.2,3 Authorities continue to speculate on the sources of these attacks, but it is clear that they are not the work of random hackers. Rather, they are the work of nefarious criminals. Responses and patches are only met by attackers adjusting their tactics to find new points of entry, new vulnerabilities, and new means to damage government services and reputations.
Politicians tout the cost savings made possible by technology and automation in their states and communities. Citizens appreciate increased access and greater convenience of renewing a license online or enrolling in health insurance. However, these improvements rely on state and local government IT departments to ensure that agencies function and deliver the services citizens need. E-government services with single sign-on access portals, user-friendly websites, and online payments are becoming political priorities. Internet of things capabilities unlock new revenue-saving and monitoring opportunities. IT functions spread across multiple agencies are undergoing consolidation to enjoy economies of scale. By nature of accessing these government services and operating in local jurisdictions, citizens increasingly provide valuable data to government servers. These forces all combine to exponentially increase the amount of data managed by government, expand interdependencies between systems, and heighten security risks and responsibilities.
Given the cybersecurity challenge to address new and evolving threats in an era of e-government, how can CISO’s prioritize their efforts and make inroads on building a more resilient government IT infrastructure? We identify several leading trends in cybersecurity, emerging threats, and potential solutions that should be on the top of CISOs minds in 2020.