Shifting the cybersecurity burden for state and local governments
The public sector is a magnet for cyber criminals, as state and local governments continue to battle a wave of malware attacks every year. Adversaries understand that state and local governments, through no fault of their own, have limited budgets and overextended security teams, many of which are stressed by alert fatigue and the complexity of remote and hybrid workforce protections. Couple that resource dilemma with their value as targets for cyber criminals, and state and local governments, municipalities and school districts are being asked to do too much on their own. Furthermore, new attacker tradecraft is actively evolving, increasing the immense burden of responsibility carried by government agencies to secure their critical infrastructure and public works while safeguarding the public’s trust.
A sense of urgency is mounting as state and local agencies assess their options to prevent the next ransomware breach. But how can a government agency protect its critical assets against heavily funded adversaries without the level of cybersecurity solutions that only the largest global organizations can afford?
A recent White House-issued cybersecurity advisory begins to describe what is needed for government agencies. As important, the advisory calls on the cyber community to share the burden and responsibility of securing government assets. Taken together, I believe these two headlines can begin to even out what is currently an unfair fight in favor of the adversary. After all, the attacker only needs to be right once; cybersecurity professionals must be right every single time.
Here are two key takeaways from the recent White House advisories:
- The U.S. 2022 Joint Cybersecurity Advisory established guidelines that recommend Managed Detection & Response (MDR)-level capabilities as a minimum security baseline. MDR must prevent initial compromise, enable monitoring and logging, and develop and exercise “Incident Response.”
- The White House 2023 National Cybersecurity Strategy says “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.”
Taken together, these two federal advisories mean that a cybersecurity solution for state and local governments needs to be proactive technology that can prevent cyberattacks. But it also needs to be delivered at a price within the public sector’s budget, not the budget of a global financial institution. So, what does that mean?
MDR is a cybersecurity service and product that detects malware and suspicious attacker reconnaissance activity and responds to these threats with automated and/or human-led alerting, blocking, and attack mitigation. The “managed” element takes the task off government agencies and puts it on a Security Operations Center (SOC) or team of expert security analysts who perform threat hunting, malware analysis and other services, fully managing your security profile for you. This is a happy marriage of 24/7 “we’ve got your back” human-led threat management, threat intel and incident response capabilities with (often automated) detection-first capabilities.
To read the complete article, visit American City & County.