Firewalls, multi-factor authentication and lots of VPNs: How CISOs dealt with the pandemic

October marks National Cybersecurity Awareness Month. But it’s not like the bad guys are taking the other 11 months off.

In 2020, the attack surface that state governments need to defend has exploded. With hundreds of thousands of government employees working remotely due to COVID-19, state cybersecurity officials are suddenly responsible for defending people connecting from home networks and personal devices. That means more VPN licenses, stronger firewalls, tougher identity and access management — and probably doing it on budgets that’ve barely moved in the past few years.

In the second episode of the StateScoop 50 podcast series, Technology Editor Benjamin Freed talks to the winners of this year’s Cybersecurity Leader of the Year awards. State chief information security officers from across the country explain how the health crisis required them to massively scale up the security and access management tools they’ve been building up for years, and do it quickly.

We had two weeks,” Virginia CISO Mike Watson says about getting 60,000 state network users ready to work from home indefinitely.

Meanwhile, as the pandemic’s gone on, CISOs have also had to watch out for cybercriminal activity, like phishing emails, ransomware and attempts to defraud government programs like unemployment benefits.

“We did see a jump in phishing … especially related to Covid,” says Missouri CISO Stephen Meyer.

But many state IT organizations have also been doubling down on the cybersecurity training they provide to government employees, as the coronavirus-induced remote-work boom continues.

Things start to get very different you’re at home,” says Georgia CISO David Allen. “Just making sure that whatever gains we secured through heightened awareness through previous training [is] even more important now. And, in our opinion, we need to step up our game even more.”

On this podcast:

  • Solomon Adote, CISO, State of Delaware
  • David Allen, CISO, State of Georgia
  • Stephen Meyer, CISO, State of Missouri
  • Michael Watson, CISO, Commonwealth of Virginia
  • Yvette Florez, director of identity and access management, Colorado Office of Information Technology