Did the cybersecurity stakes get even higher in 2021?


Phishing is the jumping off point for many successful scams and ransomware attacks, with one email fraud incident costing a New Hampshire town US$2.3mil (RM9.7mil). — Technology vector created by freepik - www.freepik.com

In 2021, cybersecurity got more serious. Already a growing threat, ransomware exploded, with attacks becoming more frequent and costly. The volume of ransomware attacks against US targets rose 185% year over year in the first half of 2021, according to Internet security solutions provider SonicWall. Criminals also leaned hard on double extortion and turned their efforts against organisations like food supplier JBS and Colonial Pipeline, where system interruptions wouldn't just harm the victim and their clients, but also a broad swath of society.

Federal response got more serious, too, homing in on defending critical infrastructure, and states haven't sat on the sidelines, either. Several moved to ban ransom payments and direct more resources toward defending against the threats, although researchers say fully tackling the problem requires national and international coordination.

Nation-state-driven cyber espionage by Russia and China also loomed heavy in public consciousness, particularly the SolarWinds incident, attributed to Russia. That saw a compromised security patch spread malware to clients, including government agencies, and woke up the US to the need for software supply chain security. Calls for reviewing software development environments and creating a software bill of materials became more pressing.

The White House has sought to infuse fresh energy into fighting cyber crime, appointing its first-ever national cyber director and channeling new funding to state and local governments. Biden's May executive order announced plans for holding federal agencies to higher cyber hygiene standards, and the administration signalled interest in putting more pressure on private firms to support a better national cyber posture as well.

The federal government also turned attention to states and localities, where efforts to modernise legacy systems and upgrade defences are often held back by shortages of money, people and guidance on how to invest most impactfully. The Cybersecurity and Infrastructure Security Agency (CISA) has been working to become a go-to resource, however, and could gain more powers and programs next year under the National Defence Authorisation Act (NDAA) for Fiscal Year 2022, which has not yet passed at time of writing. Federal efforts like these are also unleashing more dollars, but states and municipalities will need sustained funding.

Workforce

Nationwide demand for cybersecurity professionals outstrips supply, and governments struggle to lure recruits able to net more lucrative salaries in the private sector. Experts increasingly call for expanding talent pipelines by taking a more flexible approach, including considering applicants with non-traditional experience or who are permanently remote and creating alternative job and training pathways such as apprenticeships. They also recommend engaging more K-12 students in cybersecurity and ensuring that recruitment efforts go beyond the usual sources to reach underrepresented groups like people of colour and women. Some agencies are additionally turning to outsourcing and automation to supplement limited workforces.

Even so, agencies cannot just hire their way into safety. They also need to continually train and retrain existing staff about best practices for staying safe and properly implementing technologies. Artificial intelligence tools are helping scan for vulnerabilities and suspicious activity, but cyber criminals will always find plenty of traction in tricking humans. Phishing is the jumping off point for many successful scams and ransomware attacks, with one email fraud incident costing a New Hampshire town US$2.3mil (RM9.7mil). Agencies, therefore, must keep employees' cyber awareness fresh.

Not all cyber risks come from deliberate, malicious action, either. Staffs' technological mistakes can also be devastating, with failures to adhere to the correct procedures resulting in the Dallas Police Department permanently deleting troves of case materials and Wyoming leaking residents' health data, to name just two 2021 examples.

Privacy

The pandemic made digital services essential to governing, with many residents and state personnel working in remote or hybrid environments and not everyone planning to go back to the old ways. This shift means agencies must be able to provide digital services without interruption and securely handle residents' data. This hasn't been easy, and 58,000 unemployment applicants in Florida saw their personal data exposed in a breach.

Agencies are becoming more attuned to the need to safeguard residents' privacy, whether through security measures intended to thwart data breaches or by simply avoiding ever collecting or retaining information beyond what's strictly necessary. States continued to add chief privacy officer posts in 2021, underscoring the growing attention put on such concerns.

Elections

Election cybersecurity and misinformation will be top of mind in 2022. Election officials sharpened skills in 2020 and shared information more closely with federal partners as they monitored and responded to potential cyber threats and physical attacks. But lingering fights over that election warn of the work ahead next year.

State and local governments are still grappling with unfounded allegations of 2020 voting fraud, with Maricopa County, Ariz.'s widely panned Cyber Ninjas election audit only concluding in September, and Wisconsin and Pennsylvania looking to launch their own.

Meanwhile, mis- and disinformation aimed at undermining trust and misleading voters spurred the Jan 6 insurrection and death threats against election workers. Advocates in 2021 have increasingly drawn attention to how social media platforms amplify falsehoods, and combatting false information as well as curbing other social media harms will remain a major concern of policymakers. – Government Technology/Tribune News Service

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!
   

Next In Tech News

Opinion: Just reboot it
Tech workers flooded Hawaii in the pandemic. With remote work on the decline, what now?
‘Omega Strikers’ is a mish-mash of genres that somehow works
Australia's Optus contacts customers caught in cyber attack
A world without passwords: What Big Tech's switch to Fido 2 means
Hanoi closes Instagram hotspot 'Train Street' over safety concerns
’FIFA 23’ will let you play as fictional football coach Ted Lasso
Bankrupt crypto lender Voyager's CFO to exit months after appointment
Review: Run your own university in 'Two Point Campus' for PC and console
Musk says activating Starlink, in response to Blinken on internet freedom in Iran

Others Also Read