New research shows local governments practice a distinct lack of cybersecurity preparedness. And with local, state, and national elections coming up this year, cyberattacks are a concern.
In a recent post, anti-malware vendor Emisoft sounded the call for both private and public sector businesses to be on the lookout for cyberattacks leveraging themes related to upcoming elections - from campaign fundraising to promoting stories about candidates, the possibilities are endless. And, given the heightened political tensions that exist in the U.S., potential victims are already emotionally charged enough to respond to phishing and web-based attacks.
According to a 2019 University of Maryland, Baltimore County (UMBC) report, state and local government are grossly underprepared:
- Slightly over one-third of government organizations have no idea how often security incidents occur
- Over two-thirds are unaware of the frequency of actual data breaches
- Less than half keep track of attacks
In essence, government operations, by definition, aren’t security-minded.
Put these two issues together and you have the makings of attacks that can damage, alter, or cripple elections at a state and local scale. Even ransomware attacks today are expanding operations to attack beyond simply encrypting data and holding it for ransom. Attacks now include stealing data and using extortion to improve the chances of a paid ransom, as well as hacking victim networks, which can give entrée to other kinds of attacks.
Both public and private sector organizations need to move forward with operations that include a security mindset. Layered security, data protection, Security Awareness Training, and endpoint protection are all necessary parts of proven security execution. But, in the case of state and local governments, it’s going to need to start at the top with a tough stance on cybersecurity in order to see necessary changes made throughout the organization.