Page 183 - Cyber Defense eMagazine August 2024
P. 183
It is truly a scary environment, and it's never been easier for attackers to wreak havoc with remote
workforces, BYOD and data in the cloud.
Government and education organizations are battling against these increased threats with limited
budgets and competing for the best cybersecurity staffers against companies that can offer better pay.
According to data published in Axios, the average private sector cybersecurity role pays 14 percent more
than public sector jobs. Another challenge in the public sector, especially with schools, is dealing with
staff who are not technically the most savvy. Then there’s the digital elephant in the room: resistance to
change. Employees feel comfortable with their familiar processes and worry that new solutions could
render their work—and them—less valuable.
So, what if a government or education organization doesn’t have the budget or resources to get the
cybersecurity talent and tools they need? Here are three other avenues they can take to be safe.
1. Pool resources at a state level
Licenses for cybersecurity products can be purchased at the state level, then rolled out to their
“constituents.” For this to work, state-level officials have to overcome any resistance to change. They
need to make sure that every agency, from the Department of Corrections to the Department of
Transportation, is on board with whatever tool they’re using. That's a challenge because each of these
departments might be doing something different for security. They have their own staff. Their email
addresses are different. But this way, everyone can benefit while keeping costs down.
2. Push for continued grant money
In 2022, the Biden Administration announced $1 billion in funding for a state and local cybersecurity grant
program. The program was heralded by cash-strapped government and education organizations for
allowing them to implement basic security protocols as well as gain access to state-level resources, as
mentioned above. However, there are concerns among state and city leaders that the funding will not be
fully dispersed, threatening ongoing cybersecurity efforts. It’s vital for ongoing cybersecurity efforts that
this grant program not only runs its course through its intended four years, but continues on in some form
going forward.
3. Lobby for cybersecurity legislation
Around the country, leaders at the state, city and county level are working with their legislatures to pass
laws that mandate certain cybersecurity protections. For example, Connecticut enacted legislation in
2023 that “establishes a cybersecurity task force” that will develop strategies and coordinate
cybersecurity efforts among the state’s agencies and other entities. This is a promising development for
Connecticut, but much more cybersecurity legislation failed than passed last year. It behooves both public
and private sector cybersecurity leaders to work with their elected officials on stronger cybersecurity
programs.
Cyber Defense eMagazine – August 2024 Edition 183
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.