Cyber Attackers Set Sights on State and Local Government

Now that the federal government has woken up to the threat of cyber attack, hackers have turned their sights to state and municipal government agencies, which they view as easy targets — and for good reason.

Why State and Local Governments Are Vulnerable

Did you know that state and local governments only allocate about 5% of their budget to IT security? For comparison’s sake, large enterprises spend about 10%. When you consider this gap, it’s no surprise hackers are targeting vulnerable government agencies at the state and municipal level.

Just how vulnerable are these agencies? According to the 2016 U.S. Government Cybersecurity Report — a study that graded over 600 government agencies on IT security — 60% of the lowest performing local agencies received a grade of “F” in network security. At the state level, 80% of agencies that scored below a “B” also received an “F” in network security. Other areas of weakness uncovered include malware infections and software patching cadence.

Why are municipal and state governments so vulnerable? Limited budgets and spending priorities are big factors. Outdated equipment and legacy systems are everywhere in government; and government agencies find it difficult to recruit top IT security talent who can command much higher compensation in the private sector.

Beyond infrastructure, government agencies are attractive targets for the wealth of data they control. Government data centers are a goldmine of high value data like social security numbers, driver’s license numbers and healthcare records. Municipal agencies are also a great place to go for trade secrets, intellectual property and the financial data recorded in contract negotiations.

How To Improve Cybersecurity in State and Local Government

But we all know that government budget shortfalls and legacy system problems can’t be made to disappear overnight. Nevertheless, there are basic steps public sector agencies can take to improve system and data security. These include:

1. Patching known vulnerabilities. Stay informed of the latest exploits and keep software and hardware up to date by installing patches as soon as they’re released.
2. Improve IP reputation. Monitor all incoming and outgoing traffic; and be sure to investigate and blacklist all suspicious activity, immediately.
3. Secure your network by closing all unneeded ports and patching ports in use regularly. Establish multi-level authentication processes and restrict and/or deny network access to all unauthorized users. Make sure all SSL certificates are up to date, and encrypt data wisely — knowing that RC4 encryption has been found to be insecure.

Where To Start

Deploying new cybersecurity is easier said than done; however, which is whereXiologix can help. Xiologix has extensive experience helping government agencies at all levels protect their data and network from the prying eyes of cyber hacks.