The Register Citizen (Torrington, CT)
Cyber-resilience essential for government entities
With each passing day, the need for strong cybersecurity measures at the state and local levels of government becomes more important. Why? Because outside parties who wish to cause harm and chaos are always looking for new ways to infiltrate, disrupt and damage government institutions with cyber-crimes. The key to fighting back comes down to one concept on the part of state and local government entities: cyber-resilience.
What is cyber-resilience? It is the government’s ability to prepare for, respond to and, when needed, recover from a cyber-attack, and to emerge stronger than ever once they occur. A government entity with cyber-resilience is one that is able to defend itself from hackers, have mechanisms in place that minimize any damage and ensure that operations are able to continue largely uninterrupted despite the attack. It is an essential part of the 2020 toolkit — cyber-security without cyber-resilience is largely ineffective.
While cyber-security is the IT-based systems and processes a government entity has in place to protect itself from outside cyber-harm, not unlike an alarm system, cyber-resilience goes to the next step and addresses actual business continuity and delivery. It ensures the entity’s goals and needs are met regardless of any outside efforts to disrupt it. State and local governments owe it to the constituents who depend on them to have a full plan for cyber-resilience in place.
The tangible reasons for cyber-resilience should be fairly simple for a governmental entity to understand, the most important one being avoiding financial losses that could come if a cyber-crime forces a shutdown of services. Such attacks can be costly, and while no one is immune from an attack happening, cyber-resilience greatly lessens the chances of the effects costing too much. By diminishing the potential aftereffects of a breach, you also diminish the amount of taxpayer money you stand to lose.
Reputational management is another tremendous benefit of cyber-resilience. Cyber-security is all about control over your internal system, and not surrendering that control to cyber-criminals. With cyber-resilience not only is that internal control maintained, but the public criticism that could come as the result of a damaging cyber-attack is avoided, as well. The general public is always looking to government to make sure things are run properly and responsibly, and with cyber-resilience in place, the reputation is protected as well as the assets.
Central to cyber-resilience is Advanced Threat Protection, which is exactly what it sounds like — cyber-security solutions that protect against increasingly sophisticated cyber-attacks (malware, ransomware and more) that seek to get control of personal data. The technology used in these attacks gets more advanced by the day, and so too should the systems governments have in place to fight them. This is where ATP comes in, providing state and local governments with a much better way to monitor for these threats, prepare for them and respond much quicker than in the past.
It may sound obvious, but one more essential component to cyber-resilience is having data backed up digitally and safely stored on a daily basis. This will help recovery from data breaches or attacks go much quicker and can allow data to be properly replaced in a timely manner, which will enable constituent service to continue with much less interruption.
The threat of cyber-security to government entities is, unfortunately, never going to go away. But with cyber-resilience, state and local governments are equipped with what they need to endure attacks and move forward with minimal damage done. It is, simply put, the best way to remain ahead of the cyber-criminals, and taxpayers will be grateful in knowing that cyber-resilience is now an integral part of the overall security plan.
David Sun is a partner with blumshapiro, the largest regional business advisory firm based in New England, with offices in Connecticut, Massachusetts, Rhode Island and Virginia. The firm, with a team of over 500, offers a diversity of services including auditing, accounting, tax and business advisory services.