Governments are vulnerable to cybersecurity breeches. In this way, they don’t vary much from private-sector businesses, whose sometimes spectacular cybersecurity failings grab headlines. So, as a government with limited resources, how do you prepare for the inevitability of some bad actor trying to access sensitive information?
An August 2018 report out from the (ISC)2, a non-profit focused on “inspiring a safe and secure cyber world” details several key ways in which governments and private businesses alike can begin to build an internal culture focused on cybersecurity awareness. The major take-aways? Management understands the need for the importance of strong cybersecurity–97% of the cybersecurity professionals (ISC)2 polled indicated their managers understood why it was important. And while management may understand why it is important to focus on cybersecurity, they were less clear in their job descriptions to hire dedicated talent. 52% of cybersecurity professionals asked said job descriptions didn’t demonstrate an understanding of security.
The disconnect between management’s understanding of the threat cybersecurity breeches pose and the general understanding of the security environment could create opportunity for disarray in addressing threats. However, the (ISC)2 report goes on to say that to build a culture that effectively addresses cybersecurity concerns really centers on hiring and retaining talent, ensuring management is aware of the importance of cybersecurity, and aligning policies and strategy. Management’s concern and interest in building an effective shield against attack is enough, given the cybersecurity team is adequately staffed and their expertise is taken seriously.
If you are a local government who is struggling to keep up with the demands of ever-evolving cybersecurity issues, the Office of the Washington State Auditor has resources to help. Visit our website for resources and checklists designed to help you.