State and local governments across the United States suffered at least 162 ransomware incidents last year, and the attacks continue in 2020 as organizations are occupied responding to a global health crisis.
Anyone who’s spent time in a government IT role is familiar with the malware’s devastating results. Ransomware attacks don’t just hinder government departments — the effects radiate out to all constituents in a community. They may impact the ability of constituents to interact with their local government in ways that are usually taken for granted. System outages may leave residents unable to pay water bills and traffic fines or cripple the ability of agencies to process real estate transactions.
To create a more robust security posture that can identify and defend against threats, it takes the focused effort of the entire organization.
Attacks are becoming more sophisticated and organizations have more data to defend than ever before. The Dell Technologies Global Data Protection Index shows that organizations are on average managing almost 40 percent more data than they were a year ago. Chief information officers and their teams are responsible for maintaining financial, health and other sensitive information for citizens, employees and the private sector.
To protect the personal data of their constituents and organizational data, CIOs must coordinate with all members of their technology teams to define responsibilities that fit their cybersecurity roles. The team must integrate security into every solution.
Citizens, government cybersecurity teams and CIOs are all working together to make cybersecurity efforts effective and to ensure protection doesn’t stop within a government building but extends across the population. This includes open and clear communication, clearly defined roles and a common goal that keeps government IT teams laser focused on the highest-value efforts.
To help the community contribute, CIOs can promote security hygiene at libraries and other locations where public computers are available, offer training to small municipalities and school districts that have limited resources, and reach out to small business leaders to share best practices for protection, response and recovery efforts in the event of a security incident.
Before an incident happens, it’s critical to develop resiliency and crisis plans that outline steps community stakeholders should take in the wake of a breach. This coordination and collaboration should be a back-and-forth process as part of the team effort that requires CIOs listen to their constituents, respond to their needs and develop new methods of securing the IT ecosystem.
To deliver a robust security program, CIOs must hire, train and retain a qualified cybersecurity workforce and create a culture in which security is everyone’s responsibility. To achieve a highly secure environment, it’s necessary to recognize that employees can be an organization’s greatest asset and its weakest link. All end users should receive security awareness training and understand their roles in mitigating risk.
A modern and unified cybersecurity approach keeps entire communities aware, agile and resilient to today’s most common cybersecurity threats. This holistic approach turns security into a key business enabler, allowing community organizations to cost-effectively and securely fulfill their missions.
We can’t stand idle and wait for cyberattacks to happen. CIOs must take a new role delivering cybersecurity as a public service. CIOs must ensure that their organizations are prepared to deliver secure solutions and workplaces while supporting constituents to safeguard communities. This collaboration will be critical to securing all of our data, now and in the future.
Ann Dunkin is the chief technology officer for Dell Technologies’ state and local government business. She formerly served as the chief information officer of Santa Clara County, California, and the CIO of the U.S. Environmental Protection Agency.