Cyberattacks are increasing across the public sector, but the importance of technology security jobs in state and local government should not be overlooked. While investment has increased slightly, there is cause for more money. The average cyberattack has been estimated to cost over $6 million, while the largest cyberattack last year cost $40 million. State and local agencies continue to be more at risk of cybersecurity hacks due to vulnerable technology structures. Historically underfunded, state and local governments are a prime target for hackers. With their lower budgets, hackers can more easily target these institutions, resulting in wide-ranging security breaches. A recent report published by SolarWinds (itself a target of a sophisticated hack) found that state and local governments are increasingly concerned with foreign government hacking, and with general hackers.
The Work-from-Home Vulnerability
After the arrival of COVID-19 in the United States, 69% of U.S. workers were working remotely by April 2020. While more people are getting back to the office, there were still a large number of people still working either remotely or going hybrid by September. In conjunction with this rise in remote work in state and local governments, cyberattacks against these institutions were up 50% in 2020. According to a study published by MalwareBytes, where over 200 managers, directors and C-suite executives in information technology were surveyed, 24% said they covered unexpected costs following the implementation of a remote work schedule to address cybersecurity breaches. Additionally, 20% of respondents reported that their workplaces faced a security breach due to remote work. As a significant amount of employees return to in-person work, and many employers instate a hybrid work schedule, cybersecurity has become a priority for information technology government employees.
Municipalities Are “Low-Hanging Fruit” for Hackers
Research published by Mandiant, a U.S.-based cybersecurity firm, found that at least six states were hacked between May and February by a Chinese state-sponsored espionage group. City and county governments are also prime targets for cyberattacks. To some hackers, municipalities are “low-hanging fruit,” given the combination of mismanaged networks and troves of information like voter records, social security information, and more. New Orleans Chief Information Officer Kim Lagrue stated in the Washington Post, “Cities are vulnerable to attacks because we don’t have resources in the same way that the private sector does. That makes us more attractive targets.” Not only does this lack of resources make cities and local governments more appealing to hackers, but recovery from such attacks takes more time. The city of New Orleans was the target of a cyberattack in December 2019, shortly before the COVID-19 pandemic gained a foothold the U.S. As staff worked around the clock to ensure the city recovered from the attack, they were hit with all the challenges that came with COVID-19. It eventually took approximately one year and over $5 million for the city to recover. The city of New Orleans has yet to determine how much money they can recover from this loss.
The Necessity for More Employees Dedicated to Cybersecurity
Cybersecurity should be a priority in state and local governments across the country. Agencies have lacked the necessary funding, a miscue magnified by the pandemic. Municipalities, specifically, have struggled with low retention in IT jobs, with many qualified individuals leaving for higher salaries in the private sector.
However, funding towards technology services in state and local governments have recently increased as of November. Under the federal infrastructure package, $2 billion was allocated to cybersecurity — $1 billion of this budget is specifically designated for the State, Local, Tribal, and Territorial (SLTT) Grant Program which will provide cybersecurity aid to these institutions.
Now that these agencies are receiving this money, state and local governments are beginning to see the value in investing in IT jobs across the country. State and local governments must prioritize retention and hiring of IT talent that can help mitigate past cyberattacks and prevent new ones. Roles like Chief Information Officer (CIO), Chief Information Security Officer (CISO), and Chief Technology Officer (CTO) will lead the way in developing and implementing solid technology infrastructure to safeguard government systems. These leadership roles will be in charge of creating teams that improve their security protection. As New Hampshire CIO Denis Goulet stated, this new funding presents a “unique opportunity” and that governments should “modernize legacy and outdated IT systems, improve our cybersecurity posture and invest in technologies to enhance how our citizens interact with their governments.”