Generative AI, cyber insurance fill out city CISO toolbelts
Local government cybersecurity officials said during an online event Tuesday that procurement, cybersecurity insurance and generative artificial intelligence are all tools they can use to combat ransomware.
Officials said they continue to be concerned with ransomware attacks, a longstanding threat to the public sector that rose 51% during the first eight months of 2023 compared to the same period a year earlier, according to the Center for Internet Security.
“Unfortunately, Atlanta several years ago had a ransomware attack. So that is very fresh in their minds,” Atlanta Chief Information Officer Alan Greenberg said during StateScoop and EdScoop’s Cybersecurity Modernization Summit. “They are very incentivized to make sure they put in all of the proper protections.”
Local agencies often have strict procurement rules to ensure government has the opportunity to spend tax dollars on the most effective and cost-efficient technologies. But those slow processes can become obstacles to rapid response.
“This is a lessons learned — make sure you understand your entity’s emergency procurement process,” said Brian Gardner, chief information security officer of Dallas, which last year suffered a ransomware attack that knocked offline the court system and Dallas Police Department website. “When you have a [cyber] event, you don’t want that to be a tripping point for yourself to slowing your ability to recover down.”
Gardner urged security officers to familiarize themselves with state and local emergency contracting protocols so they can be ready for cyberattacks.
Kim Lagrue, New Orleans’ security chief, said she’s an advocate for cybersecurity insurance, which can help offset costs from common cyber risks, including data breaches and ransomware.
“Cybersecurity insurance gave us a blanket move forward,” Lagrue said. “But many areas, small municipalities, smaller organizations, struggle to afford cyber security insurance, as the premiums have escalated so high.”
According to a 2022 survey by the nonprofit CompTIA , 92% of local governments have a governmentwide cybersecurity policy for employee behavior and operations. The report found that while cyber policies can help mitigate the cost of malicious attacks, they do not always provide municipalities enough coverage to offset the full cost of recovery.
Officials said that generative artificial intelligence is making ransomware attacks more sophisticated, but likewise gives governments a powerful tool to detect threats. Lagrue said it’s important to educate government employees on cybersecurity awareness and emerging technologies.
“We’re talking to people at the mayoral level and our CIO or city managers level and saying these are the things that our environment could face as technologies evolve and expect that ransomware or our security threats will advance,” Lagrue said. “We are giving them good use-cases for generative AI and just being hyper vigilant about what generative AI could bring to an organization.”