When only eight states out of 50 fare decently on preparedness to deal with cyber threats, it is no wonder that businesses aren’t doing any better with their own cybersecurity readiness. If those who are supposed to protect aren’t securing data and critical infrastructure properly, why would businesses think they should?
A recent study by the Pell Center found that state governments are nowhere near being sufficiently prepared for cybersecurity threats. Even though all 50 states have adopted broadband communication and are promoting a wider use of the Internet, none of them managed to meet all of the evaluation criteria Pell used to measure cyber readiness.
The measures used in the Pell study included: having a strategic cybersecurity plan, formal incident response capabilities, data breach notification and other cybersecurity laws, threat information sharing mechanisms in place, as well as spending on cybersecurity R&D. The researchers also interviewed state CIOs, CISOs, and other state government officials, and reviewed open source data before arriving at their final evaluation.
Francesca Spidalieri, senior fellow for cyber leadership and author of the report, said that most states didn’t even mention the need to secure their IT systems or to address cyber threats, and that some acknowledged the problem but haven’t done much to address it. She also mentions the common challenges they’re having, which unsurprisingly are linked to lack of funding for cybersecurity programs, lack of executive engagement, the growing sophistication of threats and the shortage of cybersecurity professionals. These are the same challenges most businesses seem to continue to face in their cyber threat preparedness efforts.
Unfortunately, cybersecurity readiness isn’t looking much better on the federal level either. A second report by MeriTalk and Palo Alto Networks found that 44 percent of federal endpoints are vulnerable to cyber threats and that 30 percent of federal network-connected devices have been infected by malware. The study also found that about 20 percent of endpoint security audits do not include all network-connected devices and that barely half of all federal agencies have taken steps to secure endpoints.
The lack of cyber threat preparedness these studies reveal in government agencies is highly concerning, since these entities store very sensitive data about the people they are meant to protect and manage the critical infrastructure that allows the country to function. One would think they’d be leading the cybersecurity race, not the opposite.
It’s time for everyone to start taking cybersecurity more seriously. Isn’t it better to prevent a major disaster than to have to recover from one (while having to implement the security measures that should have already been in place)? Every little bit counts in leading the way and showing others the difference cybersecurity makes, not only to protecting an organization’s valuable assets but also to everyone’s day-to-day life in this digital era.