Cybersecurity continues to be a major challenge for state and local governments, and the issue will likely grow in importance in the coming year. First, they are popular targets. During the first half of 2019, nearly two-thirds of ransomware attacks targeted state and local governments. Second, they face a multitude of threats—data breaches, ransomware, phishing, malware and more—and they must be prepared to defend against all of them. For example, last year, government officials in Cabarrus County, N.C., fell victim to an online social engineering attack in which the scammer stole $1.7 million in taxpayer funds. Third, and perhaps most important, with continued growth in e-gov applications and smart city initiatives, state and local governments are collecting and storing more data than ever before. Securing this information will need to be a top priority.
But as Daniel Castro explains in his latest GovTech column, many agencies simply aren’t up to the task. They don’t have the talent, training or resources to respond to the most advanced attacks. Nor is it necessarily reasonable to expect them to. They can outsource some of these security roles to the private sector, just as they do with other IT responsibilities, but they still must be accountable.