Collaboration with local governments and public higher education is critical to managing increasingly complex cyber-risk.
According to a new research document from Deloitte and the National Association of State Chief Information Officers (NASCIO), as US state and local governments are top targets for ransomware and other cyber-attacks, they can benefit by working together. The report claimed that they are often a target for ransomware and other attacks and that there is “a value to having states build a collaborative relationship with local governments and institutions of public higher education.”
This can enable all parties to benefit from sharing knowledge and resources, and coordinating approaches. “Such a collaborative approach may offer considerable advantages in terms of cost efficiencies, better cyber-hygiene and culture, and improved security of citizens’ data,” the report said.
Reflecting on 2020, the report claimed the pandemic forced state governments to “act quickly in response to public health and safety concerns” and this led CISOs and their staff to support the increased demands for technology, enabling remote work “despite being severely constrained by the lack of resources for cybersecurity.”
It claimed security teams “worked closely with IT departments to secure the government enterprise, the virtual work environment, technology infrastructure and the supply chain.” The top cybersecurity challenge barriers to overcome cited were the following:
- Lack of sufficient cybersecurity budget
- Inadequate cybersecurity staffing
- Legacy infrastructure and solutions to support emerging threats
- Lack of dedicated cybersecurity budget
- Inadequate availability of cybersecurity professionals
“Reinventing statewide operations overnight, moving quickly at scale, relying on available resources amplified the importance of cybersecurity and highlighted shortcomings in the cybersecurity ecosystem,” the report said.
It also stated that some of the changes made in response to the COVID-19 pandemic are likely to remain, such as remote working, and “delivering citizen services without the need to visit government offices in person may become the norm as well.” This is because “states will need to adjust to this new reality, and CISOs will need to orient their strategies to meet the needs of this next normal.”
“The last six months have created new opportunities for cyber-threats and amplified existing cybersecurity challenges for state governments,” said Meredith Ward, director of policy and research at NASCIO. “The budget and talent challenges experienced in recent years have only grown, and CISOs are now also faced with an acceleration of strategic initiatives to address threats associated with the pandemic.”
Srini Subramanian, principal at Deloitte and Touche LLP, and state and local government advisory leader, said: “Continuing challenges with resources beset state CISOs/CIOs. This is evident when comparing the much higher levels of budget that federal agencies and other industries like financial services receive to fight cyber-threats.”