How Moving Toward Zero-Trust Can Help State & Local Government

February 21, 2022

Cybersecurity Attacks Targeting Government Entities

Cyber-attacks on government entities are increasing at a rapid pace. Cybercriminals consider municipalities low-hanging fruit due to the highly sensitive data kept on their systems (voter records, tax information, and social security numbers) and the publicity they can gain from shutting down a governmental system. A recent report titled “The Economic Impact of Cyber Attacks on Municipalities” from KnowBe4 found:

• The average cybersecurity breach costs states between $665,000 and $40.53 million, with a median cost varying from $60,000 to as high as $1.87 million.
• The average ransom amount demanded by cybercriminals from 2013 to 2020 was $835,758.33.
• 60% of states either have “voluntary” or no cybersecurity training programs at all.
• 2% of attacks in state government are targeted toward cities and local schools.

Improving Your Security Posture

As part of improving your security posture, implementing zero-trust can boost your cybersecurity efficacy by 144%, according to one report. Zero-trust is a simple concept at its core – any network traffic (regardless of internal or external) is considered untrustworthy until it’s been verified and users have been authenticated. Although the zero-trust approach primarily focuses on data and service protection, it should be expanded to include your enterprise assets (devices, infrastructure components, applications, virtual and cloud components) and other systems requesting information.

Seven Key Tenants of Zero-Trust

Key tenants include:

Data sources

All data sources and computer services are considered resources

Communication

All communications are secured regardless of network location

Access

Individual enterprise access to resources is granted on a per-session basis

Dynamic policy

A dynamic policy determines access to resources

Monitor and measure

The enterprise monitors and measures the integrity and security posture of all owned and associated assets

Authentication and authorization

All resource authentication and authorization are dynamic and strictly enforced before access is allowed

Information collection

The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture.

How to Move Towards Zero-Trust

Municipalities and state governments can start by evaluating their current security processes and procedures. To help Michigan municipalities improve their overall security posture, the State of Michigan, through the Michigan Cyber Partners, issued a competitive Request for Proposal to pre-qualify vendors to provide an independent cyber security assessment. This service offers a streamlined and cost-effective approach to help you move towards zero-trust. Dewpoint security consultants are available to discuss all of your cybersecurity needs. We work as your cybersecurity partner to protect your entity so you can focus on serving your constituents.