Cybersecurity is a top concern for every state CIO and chief information security officer (CISO). While every state is working hard to secure its systems and networks, the relentless onslaught of diverse threats continues to expose vulnerabilities. Recent “hacktivism” by the online group Anonymous illustrates the extreme susceptibility of state agencies and others running critical services on exposed servers.
Deep budget cuts are not making it any easier for states to secure the vast amounts of personally identifiable information (PII) and personal health information (PHI) that state governments need to collect and maintain in order to serve their citizens. What other challenges loom largest? These issues top the list:
BYOD (Bring Your Own Device) practices by employees
The use of smart phones and other mobile computing devices by the employees of state agencies is soaring, making it harder to monitor who has access to what data and applications, as well as how, when and from where users access systems. Mobile devices also blur the boundaries of the network.
For these reasons, among others, state agencies need to focus more effort on protecting sensitive data, in addition to network and infrastructure security. That also means adding anti-malware and anti-fraud capabilities to protect mobile online transactions as more and more employees – and citizens – access state systems using mobile devices.
Web-based access to critical systems
State agencies have worked hard to expand and improve Internet-based services to their constituents, including the collection, updating and sharing of PII. At the same time, cybercriminals have launched a blistering assault of web-based attacks and scams. Because of the nature of the data they maintain and their use of web portals, state departments like motor vehicles, health & human services and public safety/law enforcement are at high risk.
State agencies rely increasingly on third-party vendors to house data off-site, as well as to undertake key tasks like application management and threat and vulnerability monitoring. Even if in-house defenses are strong, incursions can take place through a vulnerable vendor – or even a community organization or other partner.
A comprehensive security assessment of third-party data sources is a daunting but essential first step towards vulnerability assessment for state agencies. A further concern is improper access to systems, including leaking of data, by contract and third-party employees.
With foreign governments and organized crime syndicates aiding and abetting the cyberthugs, cybersecurity risks continue to escalate in power and sophistication. State governments have their work cut out for them. Any malicious data breach can not only compromise vital agency information and software assets, but also undermine the trust that citizens place in the government to safeguard their privacy.
Pivot Point Security has the right combination of Information Security/Compliance domain expertise, government knowledge and experience, and organizational character to help you define and execute on the best course of action to know you’re secure and prove you’re compliant.