Top 5 Cybersecurity Trends in State & Local Government

In today’s digital landscape, citizen behavior and the adoption of a hybrid workplace model have greatly changed the way state and local governments run their operations, making it an easier target for cybercriminals. This, combined with the fact that many state and local governments may not have salient cybersecurity plans or strategic roadmaps in place means more gaps and vulnerabilities in security exist.

Global cybercrime costs are expected to reach $10.5 trillion annually by 2025. To top it off, the average total cost of a breach in the public sector increased from $1.93 million to $2.07 million from 2021 to 2022. (Cost of a Data Breach Report, 2022, IBM)

Gone are the days of cybercrime being committed only by skilled hackers. They are savvy businesspeople who have successfully built a cybercrime gig economy by selling the tools needed to launch a cyberattack to anyone interested in doing so. Expert hackers make it easy by offering the tools as a Software as a service (SaaS)-style subscription service, delivered on a cloud-based platform. SaaS are any services that are connected to the cloud over the internet, such as Outlook, Salesforce, Dropbox, etc. Additionally, cybercriminals make it affordable for even a hobbyist to perform a cyberattack by purchasing a phishing kit for as low as $6/day. A bad actor can get everything he needs to attack your state and local government for as little as $20, thanks to the cybercrime gig economy.

1. Rise of Ransomware & Cyberthreats

“Cyberattacks have emerged as one of the most significant threats to our homeland,” says Secretary of Homeland Security Alejandro N. Mayorkas; and he’s not wrong. Through the cybercrime gig economy ransomware is now available for purchase as a service, meaning bad actors can purchase everything they need to infiltrate your organization and hold your data for ransom as easily as they can order takeout.

These attacks are threatening schools, healthcare, even state governments and federal elections—and cybercriminals show no sign of slowing down. It is important to be prepared in the event of an attack, and you can start by asking yourself two mission-critical questions: Has your company evaluated its existing incident response protocols? How are you prepared to recover from a cyberattack? There are various security assessments that state and local governments can invest in such as a Ransomware Security Posture Assessment that will help you assess your tools, procedures, and overall ability to defend and mitigate the impact of a ransomware attack.

3. Evolving Regulations and Laws Around Security Standards

We are seeing a higher focus placed on security requirements in the form of federally and state-mandated security standards. These mandated requirements recognize the landscape’s growing threat and strive to protect data privacy and security, as well as cybersecurity transparency. Some of these federally mandated regulations include Cybersecurity Maturity Model Certification (CMMC) and Minimum Acceptable Risk Standards for Exchanges (MARS-E). While there are organizations to support the development of these higher standards of security and compliance and those seeking to achieve them—like the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO)—there’s no denying that an investment of time and resources is necessary to excel in areas of regulations and compliance.

The State and Local Cybersecurity Grant Program (and the forthcoming Tribal Cybersecurity Grant Program) can be the backbone of your future plans to fortify your cybersecurity and the basis of projects rooted in regulatory requirements. Don’t be overwhelmed by increased regulations; trusted cybersecurity vendors and partners are here to help ease the burden and provide support.

5. emerging technology and growth of AI

Cloud and AI technology have changed the way the world operates. Office employees can work remotely from anywhere with the right tools in place. Civilians can do just about anything online (e.g., transact payments on city websites, pay utilities online, renew their licenses, etc.) without ever having to leave their homes. The demand for digitalization shows no signs of slowing down. Government sectors that do not choose to invest in emerging technology can fall behind.  Governments should consider adopting the cloud, collaboration tools, and AI to help create efficiency, improve citizen services, make data-driven decisions, enhance their security, and remain competitive for growth.

While leveraging new technology and AI has many opportunities and advantages, there are also security risks to consider such as - proper configuration and integration, ongoing updates and monitoring, what data is being collected and stored, access and identity concerns, routine security tests to ensure gaps are identified and remediated timely, etc. To learn more, check out our similar AI articles on our resource library page. 

Apply for cybersecurity grants when they become available through FEMA.gov or other resources.

Get involved and talk to industry leaders and peers to better understand the government landscape challenges, trends, regulatory changes, etc.

Instill the importance of cybersecurity in your company culture – remember that your greatest line of defense is your employees. The more you can educate and encourage them to act and report suspicious activity, the less risk you’ll have.

Remember to schedule your regular security testing and audit. Identifying vulnerabilities and risks regularly will help you prevent any major breaches in the future.

Asking for help and guidance from trusted partners like Bulletproof, a GLI company who have the skills and resources to help you run and secure your government operations.