New year, new technology: How local governments can proactively combat cybersecurity challenges

How effective is the current cybersecurity technology that exists within state and local governments? Heading into 2022, it is critical that state and local IT leaders ask themselves this question and begin to evaluate and update the current systems in place.

While research shows that cyberattacks on government organizations decreased by 10 percent in 2020, state and local governments must remain on high alert. One of the main challenges state and local IT leaders will face in the new year is an expanded attack surface, particularly with continued hybrid policies, legacy, network perimeter based approaches to security, and the rise of sophisticated threats like the Log4j vulnerability.

To effectively combat this landscape, state and local IT leaders should focus on ensuring security and compliance, and prioritize the modernization of security, the implementation of zero trust-based cloud access, and the development of a proactive stance against cyber threats through the use of deception technology in 2022 and beyond.

Due to the unprecedented increase in cyber threats over the course of the last year, many state and local governments have increased focus on strengthening security measures to protect government resources, as evidenced by legislation. Despite these efforts, many states and localities still took massive hits, and concerns with third party vendor risk or large-scale vulnerabilities like Log4j remain top of mind for state and local IT leaders.

Modernizing security

State and local governments are welcoming additional funding through initiatives such as the State and Local Cybersecurity Grant Program, and must decide how to best leverage these funds in the coming year. IT and cyber infrastructure put in place at the beginning of the pandemic will be up for a normal tech refresh cycle, and IT leaders will evaluate effectiveness and consider the need to increase and modernize security approaches.

Many IT teams will turn off their VPN appliances permanently as they question whether or not to pursue on-prem hardware as hybrid policies continue. Team leaders will weigh the value of allocating precious funding dollars to outdated security technology, and ultimately will choose to implement modern, zero trust-based cloud access. Zero trust helps government agencies keep information and data more secure by taking extra steps to verify the identity, devices, access and services employees attempt to use.

The new StateRAMP program, which aims to drive consistent cybersecurity defenses across vulnerable state and local government organizations, will gain speed throughout the year as well, authorizing applications and helping to fast-track secure state and local cloud services adoption. StateRAMP is an excellent example of how compliance programs can be efficient, speed innovation and build strong public/private partnerships.

Proactive stances against cyber threats

As state and local governments continue to prioritize the improvement of cyber posture, IT leaders will be focused on third-party contractor or vendor risk. As the year continues, many leaders will question how third-party individuals can gain access to necessary materials without having to be put on the network, especially with recent cyber threats being top of mind. One of the best preventative measures that can be taken to combat these risks is implementing zero trust.

States and localities will also take a proactive stance against cyber threats through the use of deception technology—a defensive approach that detects active threats by populating an environment with decoys. These decoys could be fake endpoints, files, computers and other resources that mimic production assets for the sole purpose of altering IT teams to adversary presence when touched. By proactively creating decoys, governments are better equipped to quickly identify bad actors. Doing so in a zero trust architecture can help supercharge cyber defenses and aid in overall protection and prevention.

By prioritizing modernization and taking the necessary steps to update and secure their cyber posture, state and local IT leaders can begin to proactively combat cyber threats.

Ian Milligan-Pate brings more than a decade of leadership experience in Software as a Service and cybersecurity to his current role at Zscaler. As regional vice president for SLED, he leads Zscaler’s state and local government and education team.