How UCaaS Helps Address the Local Government Cybersecurity Challenge
December 18, 2017
The Government Technology article “Small Towns Confront Big Cyber-Risks” explores the cybersecurity challenges facing many small and mid-size local government agencies… Suggesting their strategies must be “creative,” the article describes how local government jurisdictions are forced to combat the same cybersecurity threat landscape as their state government counterparts with far fewer resources.
Describing the nature of the cybersecurity threat to local agencies: “Local governments are attractive targets for cybercriminals for the valuable data they store, and the fact that many are connected to state systems and big networks, where the quantity and quality of data is likely to be greater.”
In fact, “nearly 40 percent of local government CIOs report experiencing more attacks during the last 12 months, according to a 2016 survey by the International City/County Management Association (ICMA).”
In an illustrative example, one Sarasota, Florida civilian employee inadvertently launched a ransomware attack after opening an email attachment from an unknown sender. In the wake of this breach, 160,000 plus of the city’s files were encrypted by an attacker who demanded a $33 million-dollar ransom to release them. The city government agency ultimately recovered from the attack after taking their computer system down for a night and then restoring it, but it’s evident the outcome could have been far greater.
How can small to mid-size local agencies, protect themselves against attacks like the one in Sarasota, Florida? Considering the growing threat and the limited resources often available to local government agencies, partnering with a secure, third party cloud provider can help build a more robust security posture without hiring more staff or making significant infrastructure upgrades.
When considering Cybersecurity challenges, IT leaders often focus on the protection of data. What is often overlooked, however, is that any IT Cybersecurity plan needs to also focus on converged voice and data services and how this infrastructure will remain secure and unbreeched. For any agency looking to enhance their cybersecurity protection with limited resources, we (as a Unified Communications as a Service provider) point to our FedRAMP Authorization. To receive an authorization, providers are subject to a standardized set of requirements based on NIST 800-53 controls. NIST 800-53 compliance is a major component of FISMA compliance and it goal is to improve the security of an organization’s information systems by providing a fundamental baseline for developing a secure organizational infrastructure. As you can imagine this would-be resource intensive for local governments and why hosted solutions can solve many of these issues. Not only can agencies take away the peace of mind that their provider was deemed compliant when subject to this robust, federal agency-grade security assessment, following the FedRAMP framework can help local government agencies speed up their cloud adoption projects.