Large corporations and the federal government are not the only targets of costly cyberattacks. State and local agencies also face unique challenges in protecting their systems, critical infrastructure, and citizens’ personal information. With the rise of increasingly sophisticated cyberattacks, state and local governments must stay vigilant and proactive, continuously updating their cybersecurity measures. Understanding the top public sector cybersecurity challenges and learning from recent attacks on similar entities are essential steps for state and local officials. Staying informed on mitigation strategies is crucial for enhancing resilience against cyber threats.
Threat 1: Outdated Legacy IT Systems and Infrastructure
State and local governments work hard to serve the citizens of their states, cities, towns, and municipalities. They must stay mindful of securing citizens’ sensitive data, and ensuring services are not interrupted due to cybersecurity events. However, smaller local governments often run on legacy IT systems and outdated infrastructure, making them more vulnerable to cyber threats.
Aging technologies, older operating systems, and unsupported software increase state and local governments’ risk and susceptibility to cyber threats. Older systems often have limited processing power, memory, and bandwidth, making them more likely to be overwhelmed by the heavy malicious traffic of a distributed denial-of-service (DDoS) attack. When citizens’ sensitive data is compromised, the impact on public trust and confidence in the institutions and agencies designed to support them can be immediate and significant.
Notable public sector examples from March 2024 include DDoS attacks knocking several Alabama government websites and the Pennsylvania state court website offline.
Modernization initiatives and upgrading systems are ideal solutions, but budgets are tight. State and local governments that cannot allocate funds to update essential systems should prioritize vulnerability management programs as part of a risk-based approach to cybersecurity. Regular vulnerability scans, penetration testing, and patching efforts help mitigate the risk of exploitation by cyber threats.
Threat 2: Ransomware Attack Prevalence
Ransomware attacks have become one of the most prevalent and financially damaging cyber threats targeting state and local governments. Ransomware attacks involve malicious actors infiltrating networks, encrypting critical data, and demanding large ransom payments for decryption keys.
The disruption and inconvenience caused by ransomware can paralyze government operations, causing widespread service outages, irreplaceable data loss, and significant financial repercussions.
News of ransomware striking state and local governments across the country has become worryingly common.
- A ransomware attack forced a weeks-long closure of Jackson County, Mo., offices, leaving residents unable to make tax payments or conduct online searches for property records, marriage licenses, and county inmates, among other disruptions.
- In Tarrant County, Texas, ransomware attackers demanded $700,000 after taking control of the website and knocking out email and phone lines of the Tarrant Appraisal District.
- The New Mexico Administrative Office of the District Attorney spent days trying to get servers back online after a ransomware attack locked prosecutors across the state out of their essential files.
The 2018 attack on Atlanta remains the most significant security breach by ransomware against a major American city, affecting up to 6 million people and costing the city almost $17 million.
Off-site backup and recovery procedures can safeguard against breaches and mitigate the impact of government ransomware attacks. Maintaining frequent backups of critical data in secure locations will ensure rapid restoration following an attack. Additionally, automated patch management tools will streamline security coverage across government networks, eliminating many of the vulnerabilities ransomware exploits for infiltration.
Threat 3: Insiders
Whether their actions are accidental or intentional, insider threats pose a significant challenge to the cybersecurity posture of state and local governments. Insiders with privileged access to sensitive systems and data can compromise security through data theft, internal sabotage, or unintentional actions, such as falling for a phishing attack.
The healthcare, financial, and technology sectors are most prone to insider threats, and many insider cyber incidents result from negligence. According to Gurucul’s 2023 Insider Threat Report, more than half of all organizations have experienced an insider-threat incident within the past year.
More than two-thirds of data breaches (68%) involve a non-malicious human element, such as a simple user error or falling victim to a phishing attack, according to Verizon’s 2024 Data Breach Investigations Report. The communication giant’s insight on the subject doesn’t mean it’s immune to insider threats. In a breach that occurred in September of 2023, but went undiscovered for months, approximately 63,000 Verizon employees had Social Security numbers and other personal data exposed via a colleague’s inadvertent, unauthorized possession of sensitive files.
Implementing access control measures, including least-privilege principles that give users only the bare-minimum access necessary to perform their job duties, can limit the exposure of sensitive information. To keep insider access in check, supplement conventional procedures with audits of user permissions, delete the accounts of former employees, and require strong passwords with frequent updates or multi-factor authentication.
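As an added illustration (not part of the original article), the sketch below runs the three checks named above over a directory export: accounts with no matching current employee, group memberships beyond what a role justifies, and accounts with neither multi-factor authentication nor a recent password change. The account records, roster, approved-group map, and 180-day password age limit are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: an HR roster of current staff and a directory export.
CURRENT_STAFF = {"avega", "bchen", "dpatel"}
ACCOUNTS = [
    {"user": "avega", "groups": {"staff"}, "mfa": True, "pw_changed": date(2024, 5, 1)},
    {"user": "bchen", "groups": {"staff", "domain-admins"}, "mfa": False, "pw_changed": date(2024, 4, 10)},
    {"user": "cjones", "groups": {"staff", "finance-db"}, "mfa": True, "pw_changed": date(2023, 1, 15)},
    {"user": "dpatel", "groups": {"staff", "finance-db"}, "mfa": False, "pw_changed": date(2023, 6, 1)},
]
# Assumed policy: the groups each person's job duties justify (least privilege).
APPROVED_GROUPS = {
    "avega": {"staff"},
    "bchen": {"staff", "domain-admins"},
    "dpatel": {"staff"},
}
MAX_PASSWORD_AGE_DAYS = 180  # assumed policy value


def audit_accounts(accounts, current_staff, approved, today):
    """Return {user: [findings]} for accounts that violate the access policy."""
    findings = {}
    for acct in accounts:
        user, issues = acct["user"], []
        if user not in current_staff:
            # Former employee or unknown owner: the account should not exist.
            issues.append("orphaned: not on current roster, disable and delete")
        else:
            # Group memberships beyond what the role was approved for.
            excess = acct["groups"] - approved.get(user, set())
            if excess:
                issues.append("excess access: " + ", ".join(sorted(excess)))
            # Policy accepts either MFA or a recently updated password.
            age = (today - acct["pw_changed"]).days
            if not acct["mfa"] and age > MAX_PASSWORD_AGE_DAYS:
                issues.append(f"no MFA and password is {age} days old")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    report = audit_accounts(ACCOUNTS, CURRENT_STAFF, APPROVED_GROUPS, date(2024, 6, 1))
    for user, issues in report.items():
        for issue in issues:
            print(f"{user}: {issue}")
```

Run on a schedule against a real directory export and HR feed, the same reconciliation turns the periodic permission audit into a repeatable report instead of a manual review.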
Use employee training and awareness programs to emphasize a security-minded culture. Highlight the importance of safeguarding sensitive information, recognizing suspicious behavior, and promptly reporting security incidents. Consider deploying robust monitoring tools to track user activities and detect abnormal behavior for early warning of potential insider threats.
Threat 4: Third-Party Vendor Risk
State and local governments rely heavily on third-party vendors for many services and solutions. These relationships introduce additional cybersecurity risks within vendor systems. Weaknesses or vulnerabilities are entry points for cyberattacks to infiltrate government networks.
In one of the farthest-reaching cyberattacks on record, a zero-day exploit of Progress Software’s MOVEit file transfer tool led to the theft of data belonging to more than 62 million individuals. The 2023 attack has impacted more than 2,000 public and private organizations, including state government agencies in Maine, California, Maryland, Minnesota, Illinois, Missouri, Louisiana, and Oregon.
Thorough assessments of third-party vendors’ cybersecurity practices and capabilities are an essential mitigation strategy. State and local governments must implement measures to ensure service providers do not become cybersecurity risks. When utilizing third-party risk management (TPRM) processes, evaluating critical security protocols, data protection measures, and incident response plans can be time-consuming. A streamlined approach to procuring qualified vendors can save the public sector time and money.
Find Solutions for Public Sector Challenges in RAMPxchange
The RAMPxchange cybersecurity marketplace plays a pivotal role in helping state and local government agencies address cybersecurity challenges. Aligned with a centralized platform for streamlining the procurement process, governments collaborate with peers and industry stakeholders as they access trusted cybersecurity solutions. Connect with a RAMPxchange representative today to join or learn more about how state and local governments can leverage the marketplace to prevent cyber threats.