Study: Comprehensive, collaborative approach needed to address cybersecurity threats
Cybersecurity has always been a problem at the state and local level, but the global health crisis has compounded the issue by straining budgets and complicating the threat landscape. To address these threats, state and local governments must partner alongside academic institutions.
That’s according to a new study released by Deloitte and The National Association of State Chief Information Officers, (NASCIO) that revealed the increasing need for centralized structures and policies around cybersecurity at the state level, and emphasized the need for collaborations with and between local governments and academic institutions to manage increasingly complex threats – particularly in the new reality of the post-COVID world.
“The last six months have created new opportunities for cyber threats and amplified existing cybersecurity challenges for state governments,” Meredith Ward, director of policy and research at NASCIO, said in a statement. “The budget and talent challenges experienced in recent years have only grown, and CISOs are now also faced with an acceleration of strategic initiatives to address threats associated with the pandemic.”
Among the report’s key findings were insufficient cooperation at the state level with local government and other entities. Only 27 percent of states provide cybersecurity training to local governments and public education entities, and only 28 percent of respondents reported they had collaborated extensively with local government as part of their state’s cybersecurity program. For context, 65 percent reported limited collaboration.
“As with all things related to cyber, it’s important to train everyone and enable the appropriate culture, awareness, et cetera throughout an organization. With diversified workforces enabled by increased connectivity, local government operations will continue to become more complex, thus making them increasingly likely targets for cyberattacks,” Tim Li Deloitte’s Cyber Risk Services Government & Public Services industry leader, told American City & County. “Hence, it is important to support those entities that have most likely been underserved in the past.”
Li suggests that states and local governments need to take a more collaborative, comprehensive approach to address cybersecurity concerns – these issues do not exist in silos, and approaching them as if they do is ineffective at best, and disastrous at worst.
“States have had a fairly robust cyber awareness training programs for several years; in the spirit of collaboration, transcending governance boundaries to embrace a “whole-of-state” approach to cyber, the programs at [the] state level could be extended to local governments as well,” Li added.