Page 183 - Cyber Defense eMagazine August 2024
P. 183

It  is  truly  a  scary  environment,  and  it's  never  been  easier  for  attackers  to  wreak  havoc  with  remote
            workforces, BYOD and data in the cloud.

            Government  and  education  organizations  are  battling  against  these  increased  threats  with  limited
            budgets and competing for the best cybersecurity  staffers against companies that can offer better pay.
            According to data published in Axios, the average private sector cybersecurity role pays 14 percent more
            than public sector  jobs. Another  challenge  in the public  sector, especially  with schools,  is dealing with
            staff who are not technically the most savvy. Then there’s the digital elephant in the room: resistance to
            change.  Employees  feel  comfortable  with  their  familiar  processes  and worry  that  new solutions  could
            render their work—and them—less valuable.

            So,  what  if  a government  or  education  organization  doesn’t  have  the  budget  or  resources  to get  the
            cybersecurity talent and tools they need? Here are three other avenues they can take to be safe.



            1. Pool resources at a state level

            Licenses  for  cybersecurity  products  can  be  purchased  at  the  state  level,  then  rolled  out  to  their
            “constituents.”  For this to  work, state-level  officials  have  to overcome  any  resistance  to change.  They
            need  to  make  sure  that  every  agency,  from  the  Department  of  Corrections  to  the  Department  of
            Transportation,  is on board with whatever tool they’re using. That's a challenge  because each of these
            departments  might  be  doing  something  different  for  security.  They  have  their  own  staff.  Their  email
            addresses are different. But this way, everyone can benefit while keeping costs down.



            2. Push for continued grant money

            In 2022, the Biden Administration announced $1 billion in funding for a state and local cybersecurity grant
            program.  The  program  was  heralded  by  cash-strapped  government  and  education  organizations  for
            allowing them to implement basic security protocols  as well as gain access to state-level resources, as
            mentioned above. However, there are concerns among state and city leaders that the funding will not be
            fully dispersed,  threatening ongoing cybersecurity  efforts. It’s vital for ongoing cybersecurity efforts that
            this grant program not only runs its course through its intended four years, but continues on in some form
            going forward.



            3. Lobby for cybersecurity legislation

            Around the country, leaders at the state, city and county level are working with their legislatures to pass
            laws  that  mandate  certain  cybersecurity  protections.  For  example,  Connecticut  enacted  legislation  in
            2023  that  “establishes  a  cybersecurity  task  force”  that  will  develop  strategies  and  coordinate
            cybersecurity efforts among the state’s agencies and other entities. This is a promising development for
            Connecticut, but much more cybersecurity legislation failed than passed last year. It behooves both public
            and  private  sector  cybersecurity  leaders  to  work  with  their  elected  officials  on  stronger  cybersecurity
            programs.




            Cyber Defense eMagazine – August 2024 Edition                                                                                                                                                                                                          183
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   178   179   180   181   182   183   184   185   186   187   188