Increased Funding Anticipated To Protect Public Entities From Cyber Sleuths

Most governmental entities don’t have adequate funding to upgrade security systems. And, most agencies have older legacy systems which are very susceptible to hacking.    By, Mary Scott Nabers

Just mention the word “cybersecurity” and chief information officers (CIOs) shudder. In governmental agencies, the shuddering may be even more pronounced.

Fears of cyber-attacks during last month’s general election, an increasing number of ransomware incidents, data breaches in governmental agencies and cyber hackers with unbelievable skill sets – that’s what keeps CIOs on edge. The task of keeping their networks and their highly sensitive data safe gets harder each week, and there is no relief in sight.

Government agencies have some of the most attractive and lucrative data to be found anywhere – Social Security data, credit card information, health records and driver’s license numbers.

It’s no small wonder that state CIOs, in a recent survey sponsored the National Association of State Chief Information Officers (NASCIO), chose security as their number one priority. It is the fourth consecutive year that “security” topped the Top Ten list of concerns for state IT issues.

People tend to remember data breaches for a long time. Texas had a bad one in 2011 when sensitive information from the State Comptroller’s Office was accidently made accessible to the public.

That data included names, addresses, Social Security numbers and other personal information of 3.5 million people. The agency moved quickly to protect people because the potential for financial damage was great.

In 2012, South Carolina’s computers in the Department of Revenue were hacked. Cyber thieves took 3.8 million Social Security numbers, 3.3 million bank account numbers and private data related to nearly 700,000 companies.

As recently as last month, San Francisco’s Muni public transit system was the victim of a ransomware attack. Hackers disabled computers and computer systems and literally held users hostage while promising to disengage once a fee was paid. Although no data was actually stolen, approximately 1,000 computers were affected.

Most governmental entities don’t have adequate funding to upgrade security systems. And, most agencies have older legacy systems which are very susceptible to hacking.

Public officials are responding in many different ways. Texas’ Department of Information Resources (DIR) has issued a request for offers (RFO) for a cooperative contract for managed security services. The agency hopes to find an affordable way to provide uniform and consistent data security by consolidating the services of many agencies.

Minnesota Gov. Mark Dayton has proposed spending $46 million to address cyber-security. He wants to update the state’s legacy systems, add new security features and develop comprehensive plans to address future cyber-attacks.

The state of Idaho, because of a major breach of fish and game agency data, invested in a $25 million cyber-security insurance policy. The information breached was held by a private-sector vendor, so the state did not suffer financially.

However, officials are aware that high-dollar costs are incurred when a breach occurs. The private vendor ended up paying about $5 million.

The state wants to be protected from future unwanted and unexpected data breaches where there might not be a private company involved.

As a new year approaches, states will continue to address security issues. The projection is that IT budgets will be increased, and most CIOs will make time to talk to companies with cyber-security services and solutions. 

This article originally published by Strategic Partnerships Inc.