In a recent revelation by the Center for Internet Security (CIS), a non-profit organisation headquartered in Upstate New York, an unsettling surge in cyberattacks against state and local governments has been exposed, spanning the transition from 2022 to 2023. This revelation is derived from the outcomes of the 2022 Nationwide Cybersecurity Review, an extensive survey encompassing over 3,600 state, local, tribal, and territorial government organisations, meticulously evaluating their cybersecurity readiness.
The report zeroes in on the initial eight months of both 2022 and 2023, where participating government entities reported a conspicuous uptick in various categories of cyber threats. A staggering 148% surge in malware attacks was highlighted, complemented by a 51% increase in ransomware incidents during the opening eight months of 2023 compared to the equivalent period a year prior.
Non-malware cyberattacks, where hackers adeptly utilise existing tools within a device or software to compromise systems, witnessed a discernible uptick of 37%. The report also meticulously documented a substantial 313% surge in incidents linked to endpoint security services, encapsulating data breaches, unauthorised access, and insider threats.
A crucial observation gleaned from the report underscores a prevailing weakness in many state and local government cybersecurity programs – the absence of formalisation and consistent testing. While organisations might have processes in place to address vulnerabilities and formulate response or recovery plans, these activities might not have undergone formalisation or consistent testing, according to insights from the CIS Multi-State Information Sharing and Analysis Center team.
The survey brought to light that organisations without established cybersecurity plans cited challenges such as insufficient funding, the escalating sophistication of cyber threats, the absence of documented processes, the emergence of technologies, and limited access to cybersecurity professionals. These concerns, persistently troubling government entities for the past eight years, serve as formidable barriers to the establishment of robust cybersecurity programmes.
Despite these challenges, the CIS report also sheds light on areas where survey participants have fortified their cybersecurity posture. This includes noteworthy enhancements in identity management, cybersecurity awareness training, and the implementation of mitigation and recovery strategies in the event of a cyberattack. The report underscores the imperative for ongoing efforts to address vulnerabilities and augment the resilience of state and local government cybersecurity programs.