Cyberattacks on state and local governments are on the rise, according to a recent study conducted by a nonprofit organization that helps governments protect themselves against security threats.
The National Cybersecurity Review (NCSR), conducted in 2022 and 2023, showed an increase in attacks during that time, including malware, ransomware and other suspicious activities that affected state, local, tribal and territorial (SLTT) government organizations.
Part of the reason for the rise is that many government organizations are still formalizing their cybersecurity programs, according to the Center for Internet Security (CIS), which conducted the study.
Factors such as time, staffing and resources are among the reasons some organizations haven’t finalized their processes and procedures to protect against attacks. For example, implementing a successful vulnerability-management plan requires extensive testing — something many short-staffed entities may not have time to do, the CIS said.
“An organization may have a process in place to address vulnerabilities, and there may be response/recovery plans in place, but these various activities may not have been formalized or tested consistently,” the CIS said.
A shortage or unavailability of cybersecurity professionals are also key challenges for many government organizations.
“Having capabilities in place and then a policy/plan documented can improve (vulnerability management) for the SLTT community,” the CIS said.
Areas of attack where government organizations saw increases include:
- Malware, including a 148% increase in cyberattacks involving remote access trojans (RATs), a 27% increase in cryptominers and a 35% increase in infostealers.
- Ransomware incidents went up 51% from 2022 to 2023.
- Non-Malware, including a 37% increase in command shell activity and a 30% increase in suspicious SSL certificates.
- Security incidents detected by CIS Endpoint Security Services (ESS) went up 313%.
The report underscores the need for governments to analyze their cybersecurity measures annually and to make improvements on an ongoing basis.
While attacks rose during the two-year reporting period, participants in the study did some things well, including identity management and access control, awareness and training, mitigation and recovery planning.
It’s possible many organizations focused on those areas in particular, CIS said.
“For example, the ‘Respond – Mitigation’ category focuses on processes to lessen the severity of an incident,” the CIS said. “It is possible that more organizations nationwide are focusing time and resources on these types of processes and activities, as knowledge of cyber incidents and their impacts have become more common in recent years.”
All news and information on this site is provided by the team at Strategic Partnerships, Inc. Check out this short 1-minute video that provides a quick overview of how we work with clients.