State and local governments will be prime cyber targets in 2022: How to stay protected

Cybersecurity in 2021 was defined by a significant increase in high-profile attacks that affected all levels of government, from federal to state and local.

As recently as December 2021, cyberattacks on state and local government’s key networks continue to occur. The recent string of malicious and dangerous attacks demonstrates an active threat to the critical infrastructure of state and local governments.

Research from Comparitech showed that in 2020, 79 ransomware attacks were executed against U.S. government organizations, totaling an estimated $18.88 billion in downtime and recovery costs and illustrating the severe risks that state and local governments face when it comes to cyberattacks.

Progressing into 2022, it’s clear agencies must be prepared to proactively protect themselves against cyberattackers by using comprehensive security solutions capable of providing protection from endpoint devices to the cloud.

Isolated, on-premises tools are no longer enough to tackle ever-evolving cyberthreats. To truly ensure secure networks, agencies must practice good cyber hygiene while investing in integrated platforms and solutions that can secure data at all access points.

Securing overlooked gaps
Years ago, attackers would use techniques like brute force attacks to find small cracks in an organization’s security, then exploit that entry point to take the entire infrastructure. While attackers still use this method, there are myriad other discreet ways for cybercriminals to find their way in.

Compromised credentials continue to pose a risk—Lookout’s Government Threat Report found more than 70 percent of phishing attacks against government organizations sought to steal login credentials, a 67 percent increase from 2019. The same report found that in 2020, one in 15 federal, state and local employees were exposed to a phishing attempt.

To protect their networks, state and local governments should begin to implement integrated, endpoint-to-cloud security solutions that provide increased visibility on the network by proactively and automatically monitoring for threats.

With remote work likely to continue, considering historically overlooked mobile devices is essential. Apps on personal and work-related mobile and other network-connected Internet of Things (IoT) devices constantly communicate with different entities and systems. Often, the interactions are not monitored, amplifying already exposed security gaps. For example, many organizations use HR software to send employees’ personal and financial information to payroll systems. Once the apps are connected, organizations often do not continue monitoring for changes in behavior.

To read the complete article, visit American City & County.