Cyber stalkers present serious threats to businesses, governmental entities and organizations of all types. The ever-present danger is said to be increasing at an alarming pace, and because the aftermath of any cyberattack is so devastating and costly, technology changes are occurring at a dizzying pace. In spite of that, most citizens do not believe that current cyber security efforts are adequate.
According to a recent study, 50 percent of state and local governments experienced six to 25 breaches in the prior 24 months, and 12 percent experienced more than 25 breaches. The federal government will spend approximately $17 billion to enhance cyber security in 2017 but state and local governments are being forced to address the same threats with much less when it comes to funding and resources. In a recent survey, 80 percent of state chief information officers (CIOs) indicated that the lack of funding for cyber security is their top challenge.
In spite of restrained resources, public officials at the state levels of government are currently involved in, or discussing and planning, cyber security enhancement projects. The National Governors Association (NGA) is trying to help and has issued recommendations for a number of basic actions that should be initiated.
The organization is urging governors and state legislators to analyze the cost and benefits of cyber security and to move beyond reliance on regulatory processes, the most common ways states have addressed cyber threats in the past. The suggestions for immediate action are interesting and helpful, but cyber security experts urge government leaders to do much more.
For instance, many states are investing in more data security training for state employees. And, it’s obvious that employees cannot perform well as the first line of defense if they are not painfully aware of the dangers of neglect or haste or inattention when dealing with critical information and network security. Security protocols should be standardized and monitored continually but old networks and legacy technology are almost like sitting ducks on a pond for cyber stalkers.
Private-sector firms own and operate 85 percent of critical infrastructure in the United States and some, but not all, rely on world-class technology experts to keep their data networks safe. State officials don’t have the funding to attract and retain world-class cyber security talent. As a result, almost all engage private-sector firms to help them address cyber threats. Interestingly enough, though, private-sector firms may be less interested in contracting with governmental entities. Demand for technology talent is so great that many companies are making their greatest efforts in the commercial sector.
Government procurement for goods and services has always been a lengthy process but that must change. Some public entities are addressing streamlining the acquisition process and that is particularly encouraging. Changes must occur or private-sector firms will lose interest in providing the best talent and technology advances to government.
Government leaders are particularly focusing on power grids, utility cooperatives, transportation and water security. Governors have been urged to ensure adequate protection to even the smallest communities because so many are vulnerable. Cyber stalkers with even low levels of expertise are attracted to susceptible targets.
Taxpayers and citizens realize the risks but few individuals feel the need to reach out to elected officials and express their concerns. If ever there was a time for individuals to let their elected officials know of their concern for cyber security, surely it is now.