New attacks powered by artificial intelligence, a more complex environment informed by zero-trust architecture and service outages like July's CrowdStrike incident have combined to make life more difficult for cybersecurity professionals.

“We’re talking about sophisticated, professional, well-funded organizations where they have hundreds, if not thousands of people who show up to work every day in a nearly corporate-like environment to do cybercrime, “ said Utah Chief Information Officer Alan Fuller.

Schools are among the public sector agencies facing the growing barrage, their challenge made more difficult by small budgets and understaffed IT offices. Their networks are also attractive targets to bad actors for other reasons.

“A lot of times, they’re flat networks that use a ton of different applications, which are inherently meant to be easy to access and user friendly, which creates a large surface area for any sort of threat actor to get to,” said Jillian Rucker, section chief of state, local, tribal and territorial engagement at the Cybersecurity and Infrastructure Security Agency.

And the recent ransomware attack on Columbus, Ohio, illustrates just how bad things can get for a local government not prepared to manage the disruption and damage caused by a successful cyberattack.