Unique aspects of data-incident response in local government

For years, private companies have struggled to protect the data of consumers against security incidents and cyberattacks by malicious threat actors. More recently, there has been a growing surge of data breaches impacting the public sector, and local governments face unique challenges in responding to such incidents.

The triage and analysis required following the discovery of a security incident can be a difficult and costly undertaking for any organization. Even private companies with vast resources and large cybersecurity budgets that seemingly do everything “right” when it comes to protecting themselves against cyberattacks can still find themselves in the unenviable position of responding to a security incident.

The challenges of cybersecurity are particularly intense for state political subdivisions, which often handle a wide variety of personal data because of the number of departments within each locality and the nature of the services those departments provide. These factors can exacerbate the already complex task of determining the scope of a security incident and, subsequently, who an entity is required to notify, and when such notices must be sent.

In addition to facing a major financial loss from both the cost of the initial response and any necessary security hardening measures, for local governments the fallout from the reputational damage caused by consumer data exposure can negatively impact civic engagement and public trust. Security breaches can also interrupt critical services performed by local governments, such as public utilities, law enforcement activities and emergency services.

Local governments face unique risks and challenges when it comes to data security and incident response. Localities house a great deal of personal data and that, combined with a lack of public resources to dedicate to cybersecurity hardening and incident preparedness, makes them an attractive target for threat actors. The frequency at which data breaches are happening at the local government level only seems to be increasing, and localities should anticipate this trend will continue.

In March 2022, the FBI released a special report warning local governments about their increased risk of being victimized by cyber threat actors. According to the report, based on incident reporting to the FBI between January and December 2021, local government entities were one of the most targeted groups by cyber attackers, second only to academia. The methods used by threat actors to gain access to sensitive data have diversified over the years, while also becoming more and more sophisticated. According to the FBI, the most commonly employed techniques against government entities are phishing emails, remote desktop protocol exploitation and software vulnerability exploitation.

To read the complete article, visit American City & County.