What I’m doing: Celebrating the kids going back to school this week!
What I’m reading: Building a Story Brand, by Donald Miller (the book and the blog)
What I’m listening to: CT Public Radio’s The Wheelhouse
My town’s first (and, to date, only) big cybersecurity incident didn’t make widespread news. To be honest, we circled the wagons pretty tightly in the immediate aftermath. Most town residents are probably still unaware aware of the breach or the resultant consequences.
Our incident straddled the line between a cyberattack and more old school phishing. Instead of paying a contractor a regular $2 million installation, a town employee was fooled by a false contractor email into wiring the payment into a different account – one that went first to New York and then on to China. The town’s $2 million was gone, and we realized the need for immediate staff training and some new accounts payable procedures.
The incident also made all of us – on staff and on Council – more aware of the constantly evolving threat environment. It was clear that we should be taking proactive action on many fronts to prevent future loss. Our voters, however, prioritized our low mill rate, our Aaa Moody’s bond rating, and the more obvious public-facing services. In other words, resources were scarce, and citizen focus was elsewhere.
In-House vs. Outsourcing
This context – I’m sure not an unusual one – can compel leaders to dig in house and see what can be done with the internal resources on hand. On matters of cybersecurity, however, the increasing complexities and rapid evolution of technology may mean that the most effective tools and knowledgeable staff to fight cyberattacks simply aren’t there.
Recent articles in GovTech and CompTIA have made interesting cases for why local governments might be better off outsourcing some or all of their IT operations, including cybersecurity. In GovTech’s interview with Teri Takai, the executive director of the Center for Digital Government and former CIO of the U.S. Department of Defense, Takai points out some pain points for local governments struggling to keep up with cyber threats:
- Lack of resources
- Aging technology
- New technology that doesn’t integrate with existing systems
- Lack of size and scale to appropriately meet evolving challenges
- Lack of executive understanding and appropriate funding/support
As Takai noted, “There is no ‘one-time spend’ that makes a jurisdiction 100% secure.”
Neither can a jurisdiction really go it alone. Successful emerging models of cyber threat management involve collaborations, partnerships, and economies of scale. This can be a tough sell – a challenge I know well, coming from a parochial New England town. Sharing resources can feel an awful lot like losing control. It can be uncomfortable and unpopular.
Partnership and MDR Options
Opportunities exist between federal, state, and local governments, as well as between traditionally siloed departments such as IT and public safety, to join forces and share technology and expertise. Particularly in tech infrastructure and threat monitoring and detection, jurisdictions can connect with a shared technology partner.
Utilizing a managed threat detection and response (MDR) service is another avenue to economically detect malicious behavior and safeguard data. It allows organizations to benefit from cybersecurity domain expertise without the need to invest in training, development, or headcount, as outlined in this recent blog, Why Your Business Should Consider Managed Threat Detection.
Culture is Key
Another important action is to cultivate an organization-wide cybersecurity culture, one in which every department is involved in the ongoing effort. Creating this culture means developing cybersecurity awareness throughout your entire organization, which will lead to organizational practices that support the secure execution of your business strategy. This article contains a concise five steps to help your organization build a cybersecurity culture.
“The ability of smaller organizations to address the threats without collaboration, shared resources, and support of the technology partners is a thing of the past,” Takai said.
All of us with tight budgets should consider partnerships, resource sharing, and managed threat detection options to stay ahead of cyber threats and avoid potentially devastating loss.