Governments should look under the hood to make sure their IT systems are safe from cyber criminals

Cities and counties should take a close look at their entire IT setup to ensure security against cyber threats, says Josh Koenig, co-founder & chief strategy officer at Pantheon, a website operations platform that offers tools that enable building Drupal and WordPress cloud-based sites with streamlined workflows, scalable infrastructure, and a fast, efficient content delivery network. The company provides web-hosting solutions to governments.

“The first step is to assess the current state of security: the surface area, the technical situation and the practices and processes that govern the human elements of security. Unless this has been done recently, or there’s been zero change or staff turnover since the last audit, the most important thing is to know where to focus. In all likelihood, there are multiple issues to address,” Koenig tells Co-op Solutions.

The surface area, which can be susceptible to digital attack, encompasses all the equipment and software that connect to an organization’s network. These include applications, code, ports, servers and websites. It also encompasses unauthorized applications or devices that team-members and other users may install without management’s permission.

Koenig says that if IT leaders don’t have a comprehensive picture of the state of security, they risk neglecting something that is important. “They might focus on the first thing they find and leave open other unknown gaps that could be far more critical.”

Koenig says public-facing systems like websites have a much larger attack surface. “As more public services move online, the criticality of these systems goes up. A static website being knocked offline is embarrassing, but one that’s compromised can facilitate identity theft, spread misinformation and do other harmful activities.”

He adds that another area of vulnerability is anything that’s Internet-connected but still managed via a legacy or on-premise approach. “While there’s psychological comfort in knowing where the systems are, the truth is that in most organizations, this infrastructure is the most likely to be outdated or suffer from human error in terms of maintenance.”

To read the complete article, visit American City & County.