Public Sector: Bigger Challenges, Fewer Resources When thinking about how many people public sector organizations must secure, consider that the average US county has a population of 106,007, according to census data, analogous to all of Procter & Gamble's 107,000 employees.
Beyond staffing levels, the organizational structure of state governments hasn't evolved with technological advances.
A central IT group may operate on behalf of many agencies, but that level of integration and authority doesn't typically extend to cybersecurity, creating a patchwork of protection and a heavy burden for local IT administrators.
A whole-of-state cybersecurity strategy emphasizes information sharing, partnership, and collaboration in an environment of cost savings through economies of scale and centralized functions.
It allows state leaders to assist in mitigating cybersecurity threats across municipalities, providing a cohesive approach and united front.
Cybersecurity should also work this way, particularly as technology evolves and the number of tools grows.
States like Oregon and Minnesota are adopting this framework and, as public sector attacks continue to proliferate, WoS is emerging as an essential strategy.
Pooling resources and capabilities under centralized state leadership expands the impact of threat intelligence, early warning systems, and rapid response.
A collective defense posture led by the state is not about ceding control but empowering local agencies to punch above their weight class.
For WoS cybersecurity to work, both sides need to buy in.
Municipalities have to raise their hands and ask for help, and states need to be willing to provide it.
How to Pull It Off The State and Local Cybersecurity Grant Program provides funding to address the most pressing cyber-risks that threaten tribal, local, and state governments.
Through SLCGP funding, eligible agencies and organizations can develop and enhance their cybersecurity capabilities including network security, incident response capabilities, risk assessments, and cybersecurity awareness and training programs.
Once states and municipalities agree to develop and support a WoS strategy, it's important to increase and adopt efforts incrementally.
Security training and phishing campaign awareness are lightweight efforts that serve as a great first step with WoS cybersecurity.
With maturity and support from legislatures and municipalities, having all web traffic pass through the state's domain might be a logical early step.
In Ohio the Secretary of State required cybersecurity training for boards of elections before the election cycle, supporting efforts to improve and demonstrate the integrity of the system and its results.
Last year, 210 local governments and school districts in Massachusetts received grants to fund cybersecurity training for their employees, improving their cyber hygiene and measurably increasing their resilience.
Forming a United Front Against Attackers Collaborating to take a WoS cybersecurity approach can create similar benefits anywhere.
WoS cybersecurity is a united front to defend against threat actors, harden security posture, and protect the constituents who depend on government services.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 17 Jan 2024 15:05:19 +0000