Local and state agencies are more vulnerable to hacker attacks
The hacking of more than 70 law enforcement agencies across the nation that resulted in the exposure of 10 gigabytes of information has placed a spotlight on the disadvantages local and state government agencies have when it comes to defending themselves from cyber criminals.
Hackers are increasingly going after high-profile organizations, such as the CIA and FBI, but that doesn't mean small government agencies are immune to intrusions. LulzSec, a hacktivist group, hacked into the email accounts of employees at the Arizona Department of Public Safety in a highly publicized attack in June, but less-known breaches have resulted in hackers obtaining hundreds of thousands of personal records from Alaska to Massachusetts, including one attack in Texas that exposed 3.5 million records.
Small government agencies have not been thought of as targets for hackers and therefore have not invested as much as larger federal agencies and major corporations in their security, said Heather Egen Sussman, the co-chair of McDermott, Will & Emery's global privacy and data protection affinity group.
"Up to this point, these agencies were not viewed as being in particular risk of being targeted by hackers," she said. "The focus has not been on IT security to the same degree that the more visible and the larger entities have paid to it."
Another problem small government organizations face is they often don't have the budget to attract top security experts with high salaries, said retired cyber-crime investigator Steve Edwards.
"It's real competitive out there for these people," he said. "They're very attractive to corporations and businesses that have these same issues."
And even when good security experts are in place, having the budget to give them the right technology to defend against sophisticated attacks can also be a problem, Sussman said.
Sussman said small government organizations can take several steps to make themselves more secure from hackers:
- Make lawmakers and organization leaders aware of cyber security's important so they receive an appropriate budget.
- Have or hire competent security experts who are up to date on the latest trends in cyber defense.
- Update all software and hardware regularly
- Train all employees with access to the organization's network
"You can have the best IT people in the world, but if you have one employee at work who double-clicks a link and inadvertently downloads malware, the hacker can be off and running," Sussman said.
And if hiring competent people is an issue, agencies should considering outsourcing their cyber security to a third party, Edwards said.
"That's a way they can be competitive in getting the best people to come in to do what has to be done," he said.
-- Salvador Rodriguez
Image: U.S. Department of Homeland Security analysts work at the National Cybersecurity and Communications Integration Center in Washington. Credit: Hyungwon Kang / Reuters