How Can We Better Prioritize Cybersecurity in Municipal Settings? | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Scot Barker, Chief Innovation Officer at City of Burlington

Ask any Chief Information Officer across any level of government what keeps them up at night and cybersecuritywill likely be at the top of the list. Cybersecurity was recently ranked as the top threat facing all levels of government today. Federal agencies like CISA (Cybersecurity and Infrastructure Security Agency) make cybersecurity their number one focus and work to push that same focus to states and municipalities.

Yet, even with the knowledge that cyber threats are on the rise, it is often difficult to get attention, much less funding,to address cybersecurity issues at a government level. Because so many of the issues dealt with at these levels are physical, and cybersecurityis not; it often takes a distant back seat to the other tangible issues that arise.

Just how big is this problem? CISA estimates that one in three home computers are infected with malicious software. According to, the United States is the highest targeted country, with 46 percent of all cyberattacks targeting Americans. reports that 44 percent of global ransomware attacks in 2020 targeted municipalities. And saw a massive upswing in cyberattacks in the second half of 2022, when compared to the same period in 2021. It is impossible then, to assume government entitiesare somehow isolated from cyberattacks.

Given all of this information, what can governments do to protect their citizens and employees? To start with, governments need to create positions that are specifically focused on cybersecurity. Depending on the size of your community, it may require several full-time employees. These people need to be supported with funding, policy, and public support of the work they do.

Distributed ledger technologies such as blockchain could fundamentally change the legal sector, making it more efficient, resilient, and reliablGovernments also need to realize they cannot be successful alone. Working with organizations like CISA is a must. Governments should also work with an external MSSP (Managed Security Service Provider) to provide an additional layer of observation and prevention. And system administrators should work hand in hand with cybersecurity professionals to make sure servers, routers, and phones stay up-to-date with the latest anti-virus and security patches.

Every employee should be required to take updated cybersecurity classes on at least an annual basis. This should be one of the requirements for being employed. Every employee, no matter the level, and whether they are at home or at work, should be aware of and practicing good cyber hygiene. Educational efforts should be ongoing. Perhaps a brown-bag lunch series where each month a different cyber security topic is discussed: phishing, how to safely use WiFi and VPN, and how to spot and avoid ransomware.

You cannot spend too much time on cybersecurity, and you are never too small a target. The threats are growing, and are more sophisticated than ever before. Becoming a victim is no longer a matter of if, but when. Merely hoping to avoid an attack cannot be considered a strategy. There is just too much at stake.


Click Here For The Original Source.

National Cyber Security