Are Today’s State and Local Governments on Board to Meet the Cyber Security Challenge?

State and local governments today share important information with citizens through the internet and wireless communication channels. Agencies stay connected to vital data and to each other while serving the needs of citizens.

With those capabilities, though, comes the responsibility to protect that information as much as possible.

Citizens expect and demand governmental services that match private-sector services in quality, quantity, and availability, 24/7 and year-round. However, governments are struggling to meet these expectations, especially under intensified pressure to reduce costs and budgets.

Many different organizations collect Personally Identifiable Information (PII), ranging from hospitals and banks to apartment complexes and utility companies. However, government agencies are in a uniquely challenging position—mandated to simultaneously disseminate and protect the information they collect.  These combined tasks can be challenging to say the least.

From WikiLeaks to Chinese attacks, it’s clear that government IT systems are not completely protected against cyber security breaches from external or even internal threats. Safeguarding government data and computing resources has never been more complex. Public-sector security officials are responsible for protecting a network of people and information that extends beyond their control.

Public workforces rely on multiple network-connected devices — many of them easily portable and extremely powerful — to go about their daily business.

Agencies share data with a multifaceted web of government and third-party partners. At the same time, the threat landscape is changing. Virus attacks have gone underground as their perpetrators, no longer interested in fame, go after confidential data that can lead to financial gain. Theft of sensitive identity and financial information now is a serious criminal enterprise, with a corresponding increase in the sophistication of cyber-attacks. In this environment, public-sector enterprises must constantly be vigilant about protecting their networks and data to maintain daily operations and public confidence.

Citizens trust government with their personal information, and keeping that data secure is of paramount importance.

In this guide, we identify key security challenges and suggest solutions and best practices to help address them.

Some of the top focus areas for government agencies are securing applications, handling PCI Compliance, and developing a strategy for mobility security within agencies.

Action Plan for Securing Applications

  1. Adopt a secure software development lifecycle (SDLC)
  2. Build scalable application security programs
  3. Analyze application security risks
  4. Quantify application security risks
  5. Streamline security operations
  6. Reduce application code security flaws
  7. Propagate best practices
  8. Address application security in contracts

Action Plan for adopting emerging technologies in PCI

  1. Understand data flow for the entire payment environment
  2. Identify and leverage synergy between PCI and other compliance efforts
  3. Rationalize payment processes and consolidate payment data and systems
  4. Continuously monitor and improve payment card protection

Action Plan for Mobility Security

  1. Protect content on the device
  2. Ensure secure and trusted access to the organization’s assets
  3. Breach/Loss/Theft mitigation

Security breaches cost a fortune — not just financially, but also in negative publicity and lost confidence from citizens. According to a recent survey of companies victimized by security breaches, the average cost is $7.2 million per incident.  Productivity losses can be hard to quantify, but they too are real. And regulatory fines can also hurt.

Knowledge is power. The first step in improving security is to understand the risks and vulnerabilities. In these fast-changing times, that means gaining knowledge and implementing solutions today.

Is your agency at risk? Are you doing everything you can to prevent an attack or protect your data? Are you improving and strengthening security procedures for online transactions?

AT&T Security Consulting recently hosted a webcast on cyber security for state and local government, where you’ll find practical advice on preventing data loss, addressing PCI Compliance, securing network endpoints, improving mobile security, and choosing an information-centric risk management approach.

Listen to the replay of the webcast, “Protecting Citizen Information and The Public Trust: A Call to Action for State and Local Government,” presented by Todd Waskelis, Vice President, AT&T Security Consulting.

Bindu Sundaresan, Strategic Security Solutions Lead, AT&T