In our age of digital connectivity, cities and counties across the country must meet the ever-increasing demands of citizens and businesses for efficient and effective digital government. The coronavirus pandemic has only intensified these demands; socially distanced employees and citizens need digital-first services now more than ever, and organizations that lack a robust digital infrastructure are struggling to cope with COVID’s new normal.
But with this ever-accelerating shift to digital and online services, cybersecurity is more important than ever before. Cybersecurity experts reported an 800% surge in cybercrime since the start of the pandemic, with approximately 4,000 cyberattacks occurring each and every day.
No one is safe from this surge in cybercrime. Hackers today have their sights set on everything from personal work accounts to essential government infrastructure. If we’re going to thrive in our more heavily digitized economy and society, then we will need the cybersecurity protections that make all of our digital interactions safe.
The coming 5G revolution only further increases the need for adequate cybersecurity. With speeds potentially 100 times faster than the current generation of wireless technology, 5G can support a wider array of online services, platforms and digital equipment than ever before. For local governments, this means newer, better, faster and more formidable technology tools at their disposal, as well as faster and greater data sharing and remote work capabilities.
But all these benefits will come at the cost of even more significant digital exposure to hackers and cybercriminals.
Cybersecurity isn’t easy; it can often be very costly, and good cybersecurity typically scales more slowly than digital innovation, leaving us at risk as we adopt new technologies. But that doesn’t mean we can’t get cybersecurity done and done right. As we enter the second year of the coronavirus pandemic, I want to highlight three areas of cybersecurity that governments must focus on in their efforts to deliver the best in digital government:
For years, cybersecurity policy has been the unspoken elephant in the room. Tech insiders and IT experts have known about the rising threat of cybercrime. But business and organizational leaders have all too frequently postponed discussing this threat and formulating the policies necessary for mitigating it; approximately 7 in 10 organizations are ill-prepared for a cyberattack.
The coronavirus pandemic changed all that. The rapid and often haphazard digitization of whole spheres of economic and social activity has forced the conversation about cybersecurity to the forefront. Many businesses with fully remote workforces, for example, must now confront the reality of their data protection and cybersecurity needs for their remote workstations. With so much crucial infrastructure and information exposed to hackers, cybersecurity can no longer be put on the backburner.
The time is ripe for a renewed discussion of cybersecurity policy at every level of every organization and government. Remote employees need to be briefed on the best practices and protocols for keeping data safe online, and governments need tight cybersecurity policies in place to prevent a disaster.
Cybersecurity architecture is one of the core components of digital safety. Poorly designed or shoddily implemented digital systems can entail significant cybersecurity vulnerabilities. It’s not necessarily a matter of bad technology; cybersecurity is as much as about how well you’ve built new technologies into your existing systems and communication channels as it is about the quality of the technology itself.
Nowhere is the importance of cybersecurity architecture more evident than in our remote workforces today. Almost overnight, governments across the country had to transition from an in-person, in-office workforce to a remote workforce. All things considered, that transition was pretty successful. But many governments implemented remote work systems that vastly outstripped their existing cybersecurity architecture.
In a perfect world, governments would have had more time to test, probe and refine their remote work systems before having to rely on them. But we don’t live in a perfect world. As we go forward, governments should make sure that their cybersecurity architecture is up to snuff, or else they risk courting cybercriminals and hackers. Good data backups, up-to-date cybersecurity software and secure network connections are all parts of good cybersecurity architecture.
Finally, good cybersecurity requires clear and effective digital operations. COVID-19 rapidly tore down pre-existing barriers to digital government. Faced with the choice of adapting to digital government or struggling to provide continuity of services during a pandemic, many governments have quickly and effectively changed their daily operations to meet their newfound digital needs.
But emergency changes to daily operations are not enough. Governments will have to codify, systematize and normalize the new digital operations. That means, among other things, tearing down artificial or merely bureaucratic barriers to effective remote work and ensuring legacy communications channels are updated to meet the needs of the moment.
By focusing on the three aspects of policy, architecture and operations, governments can lay the groundwork they need for effective cybersecurity in the post-COVID world. Governments will have to act fast; 5G is coming, and will bring its own hurdles for governments rapidly adapting to keep pace with changing technology. As we move to 5G-enabled government systems, Governments must update their cybersecurity now, or risk a cyber-attack or data breach that will have devastating consequences.
Roger Murphy is director of IT managed services at Avenu Insights & Analytics.
In a May article published on GCN, director of information technology Roger Murphy explains how local government agencies can identify and address security vulnerabilities that could lead to attacks in a remote work environment.
Recent events have accelerated a transformation toward digital document storage, online and mobile services and automated services. However, digitalization opens up new opportunities to hackers and criminals looking to access private information. This month, The Wall Street Journal published an article explaining how hackers are “changing their ransomware tactics to exploit the coronavirus crisis,” especially among organizations that need their “data back right away to operate.”
Local governments should consider ransomware attacks a “when” not “if” scenario. Everyone on the team needs cybersecurity training and access to enhanced security tools to combat these new threats. Read more at GCN.com.
Over the past two years, hackers have attacked local government agencies more than 184 times, disabling systems for hours and sometimes days. Recently, Atlanta and Baltimore were hit with ransomware attacks that crippled their online and administrative systems. More than a week after the cyberattacks, officials still are working through the setbacks caused by the shutdown of their digital processes and services.
As cities and counties become more dependent on their IT infrastructure to manage their data and daily operations, cybersecurity must be a priority that starts with the budgeting process.
How much discussion occurred last year about cybersecurity during your planning? Funding needs to cover not only hard costs, such as software, but also soft expenses, such as training. Here’s why.
Our cybersecurity experts point to software vulnerabilities as a leading cause of attacks like ransomware, and there are ongoing costs for the subscriptions and other services that distribute security updates and prevent attacks. However, it’s often the human factor that allows public agencies to fall victim to these attacks when an unsuspecting staff member clicks on a bad link or downloads a “malware” file.
At Avenu we have access to sensitive information for municipal clients across the nation, so we place a high priority on security. We have developed a series of best practices around our “detection, prevention and recovery” strategy to stay ahead of threats. Contact us if you’d like to learn more about it.