States at risk: The cybersecurity imperative in uncertain times
The pandemic has highlighted public-sector cyber leaders’ resilience—but has also called attention to long-standing challenges facing state IT and cybersecurity.
Deloitte and the National Association of State Chief Information Officers (NASCIO) have issued States at risk: The cybersecurity imperative in uncertain times, the 6th edition of the joint biennial report (6th edition). The report notes that the pandemic has highlighted public-sector cyber leaders’ resilience, yet also reveals long-standing challenges facing state IT and cybersecurity. Noting the importance of cybersecurity, it identifies specific challenges including: lack of sufficient and dedicated cybersecurity budget, and inadequate staffing and talent pools. Experts with Gurucul and Point3 Security offer thoughts.
Saryu Nayyar, CEO, Gurucul:
“Cybersecurity is one of those things that is too often under-valued until something goes wrong, and the biennial report by Deloitte and the National Association of State Chief Information Officers (NASCIO) reinforces that impression. Worse, with State organizations, the problem can be amplified by a general lack of the IT budget to replace legacy systems and modernize their infrastructure. The problems are compounded this year by a pandemic and a major election cycle, which both present their own challenges. While people in the cybersecurity industry have been voicing their concerns for at least the last two years on election security, partisan politics has thwarted efforts at the state and local levels to implement some badly needed improvements.”
Chloé Messdaghi, VP of Strategy, Point3 Security:
“The commercial and industrial sectors are learning that if they don’t invest in cybersecurity, they ultimately don’t have a product. The same holds true for the public sector – if local and state governments don’t invest in cybersecurity, they can’t effectively offer services and protect citizens’ data. Ultimately it impedes their ability to serve democracy on even the most basic levels, including offering fair and honest elections. Apathy plays a role, certainly. Not on the part of those in the security and IT trenches, as much as on the part of those who budget for state and local governments. Their attention is elsewhere, until they become the next ransomware headline. We need for these decision makers to care more about the population – and need to hold them fully responsible for what happens when budgets and resources aren’t there. This starts with making the general population more aware, and more demanding of effective cybersecurity among our government agencies and state and local offices.”