Escalating ransomware and other cyber-attacks over the last year have exposed glaring vulnerabilities in state and local government IT networks.
During 2019, there were a reported 140 ransomware attacks targeting public, state and local government and healthcare providers, a 65-percent jump from the previous year.
In a presidential election year – and one made even more uncertain by the enormous social and commercial adjustments forced upon us by the new coronavirus – it’s all the more vital to strengthen cyber defenses at public agencies across the country.
The federal government is taking notice. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security (DHS), has stepped up warnings on pending attacks and the consequent need for vigilance and cyber hygiene.
Moreover, beginning in fiscal year 2020, DHS’s Homeland Security Grant Program (HSGP) is requiring that jurisdictions receiving HSGP funds will be required to devote at least five percent of their funding to cybersecurity. (Due to the coronavirus pandemic, DHS has extended its HSGP application deadline to April 30.)
One way of meeting that requirement is to conduct a cyber risk analysis. Haystax, a business unit of leading cybersecurity services provider Fishtech Group, has performed over 150 risk assessments of various types in the past and recently completed a cyber risk assessment of a large city’s information security assets.
Haystax is leveraging our experience and expertise to help other state and local governments tackle this pressing problem with a new Cyber Risk Analysis program. At the core of our offering is a tool, developed by Haystax experts using our patented risk analytics methodology, that quickly and accurately gives state and local agencies a risk-based prioritization of their information security assets as well as their physical assets and community organizations.
We begin by compiling a jurisdictional system catalog through soliciting stakeholder and agency information and feedback. Next, we conduct an initial prioritization pass and risk analysis informed by national trends in the field. This analysis not only considers threats from adversarial organizations and individuals, but also from natural hazards and user error, as well as cyclical threats such as those to elections. We then review these initial inputs with local subject matter experts, collecting feedback and suggestions based on local experience.
Our analysts incorporate the local inputs into the final risk analysis, which yields a completed risk assessment in an expandable tool designed to inform subsequent analytical efforts. This cyber tool makes it easy to identify each community’s high-priority and high-risk systems, where and when they are accessed, what organizational security weaknesses affect them and the potential consequences of a cyber incident.
In the final step, Haystax will train each organization in the use of the cyber tool, including how to update risk profiles and understand its outputs. This training provides a solid foundation for an ongoing cyber risk management program.
# # #
Note: Want to learn more about how a Haystax Cyber Risk Analysis can benefit your municipality, county or state? Click on this link to download a fact sheet and be connected to one of our assessment team representatives.