5 Ongoing Cybersecurity Concerns and How SLTTs Can Beat Them
Malicious actors are increasingly targeting U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. A recent report from BlueVoyant found that cyber-attacks targeting state and local government organizations, in particular, rose an average of 50% between 2017 and 2020. It added that the actual rate of growth could be much higher.
Why Are SLTTs Struggling to Defend Against Threats?
To answer this question, we can look to the results of our 2020 Nationwide Cybersecurity Review (NCSR), a no-cost, anonymous, annual self-assessment which measures SLTTs' cybersecurity gaps and capabilities. In 2020, participants reported that they've been struggling with the same five cybersecurity concerns since 2015. Let's examine each of these obstacles below.
1. Lack of Sufficient Funding
As recently as Q4 2021, few SLTTs had sufficient funding for their cybersecurity efforts. Just 15 states had a dedicated cybersecurity budget at that time, noted Tanium. Those states set aside at most 3% of their overall IT budget for cybersecurity. By comparison, cybersecurity received 10-20% of private-sector organizations' IT spending.
Things changed with the passage of President Biden's infrastructure bill. According to GovTech, the bill created a grant program with $1 billion in funding for improving cybersecurity. It also set up a separate fund to assist SLTTs and private-sector organizations in the aftermath of a cyber-attack.
However, challenges remain. Small cities and counties don't always have the expertise to put a cybersecurity proposal together, for instance. Without a proposal, these entities could lose out on cybersecurity grant money offered through the new infrastructure law, wrote The Pew Charitable Trusts.
2. Increasing Sophistication of Threats
Digital threats continue to grow in sophistication, as evidenced by the commercialization of cybercrime. Take ransomware as an example. Ransomware-as-a-Service (RaaS) operations use affiliate structures through which people with low levels of technical expertise can conduct ransomware attacks. Similarly, ransomware gangs are increasingly turning to Initial Access Brokers (IABs) as a means of buying access to their victims' networks so that they can concentrate all their efforts on developing more powerful encryption software. Taken together, these innovations help attackers to conduct more sophisticated campaigns at scale.
3. Emerging Technologies
In a list of five emerging technologies for 2022, Gartner discussed how humans and web-enabled technology systems will increasingly interact in digital workspaces known as "smart spaces." SLTTs can use these types of ecosystems to perform preventative maintenance on their buildings, automate their billing processes, and conduct other tasks. The issue is that these technologies are new for most, which makes it difficult for security teams to protect them.
4. Lack of Documented Processes
Many SLTT security teams don’t have documented policies and plans in place, such as an incident response playbook. Without these formal plans, teams need to reinvent their procedures at every stage of cyber defense. This can slow down responders during a security incident, enabling digital attackers to cause more damage in the process.
5. Inadequate Availability of Cybersecurity Professionals
The global number of unfilled cybersecurity positions reached 3.5 million in 2021—a 350% increase over 2013 estimates. According to Cybersecurity Ventures, the same number of jobs will be open in 2025. This ongoing skills gap equates to fewer trained professionals who can drive a cybersecurity program forward, let alone manage the day-to-day security operations of the business. This only compounds the challenges discussed above, feeding a vicious cycle.
Where Do These Cybersecurity Concerns Leave SLTTs?
SLTTs should consider investing in cybersecurity technologies that align with their budgets, help account for sophisticated threats, and multiply the force of their internal teams. They should specifically look to tools that champion a defense-in-depth approach to cybersecurity. These types of solutions take a layered approach to security, preventing a single point of failure and introducing new obstacles that an attacker must overcome to compromise a network.
To help organizations with their defense-in-depth efforts, the Center for Internet Security (CIS) partnered with Accenture to create CIS Managed Security Services (MSS). The purpose of these services is to monitor SLTT intrusion detection systems (IDS), firewalls, and other devices for malicious or anomalous activity. MSS sends this information to CIS's 24x7x365 Security Operations Center (SOC), where experts filter out false positives and send out an alert when the detected activity is actionable. This helps SLTTs save time and effort in continuously identifying and managing risk, defending against network intrusions, and protecting workstations and servers against cyber-attacks.
MSS can also help SLTTs overcome some of the cybersecurity concerns discussed above. These services are managed, which means SLTTs don't need to rely on the expertise of internal security personnel to implement them. Instead, they can rely on the SOC to analyze customers’ network environments for signs of anomalies and malicious activity, including indicators that could be coming from advanced threats. Additionally, MSS is specifically designed with SLTTs (and their budgets) in mind.
That's why CIS is excited to announce that, for a limited time, SLTTs can save 10% when they enroll in MSS or when they add new devices to their existing plan. Alternatively, they can take 20% off when they bundle MSS together with Albert, CIS's network monitoring and management solution.
Not One Year More
The cybersecurity concerns identified in our NCSR have plagued SLTTs for years. But they are not insurmountable. With the help of MSS, SLTTs can take steps to address these cybersecurity concerns and defend their networks against digital threats.