Cloud Hosting

In 2021, cybersecurity got more serious. Already a growing threat, ransomware exploded, with attacks becoming more frequent and costly. The volume of ransomware attacks against U.S. targets rose 185 percent year over year in the first half of 2021, according to Internet security solutions provider SonicWall. Criminals also leaned hard on double extortion and turned their efforts against organizations like food supplier JBS and Colonial Pipeline, where system interruptions wouldnt just harm the victim and their clients, but also a broad swath of society.

Federal response got more serious, too, homing in on defending critical infrastructure, and states havent sat on the sidelines, either. Several moved to ban ransom payments and direct more resources toward defending against the threats, although researchers say fully tackling the problem requires national and international coordination.

Nation-state-driven cyber espionage by Russia and China also loomed heavy in public consciousness, particularly the SolarWinds incident, attributed to Russia. That saw a compromised security patch spread malware to clients, including government agencies, and woke up the U.S. to the need for software supply chain security. Calls for reviewing software development environments and creating a software bill of materials became more pressing.

The federal government also turned attention to states and localities, where efforts to modernize legacy systems and upgrade defenses are often held back by shortages of money, people and guidance on how to invest most impactfully. The Cybersecurity and Infrastructure Security Agency (CISA) has been working to become a go-to resource, however, and could gain more powers and programs next year under the National Defense Authorization Act (NDAA) for Fiscal Year 2022, which has not yet passed at time of writing. Federal efforts like these are also unleashing more dollars, but states and municipalities will need sustained funding.

Even so, agencies cannot just hire their way into safety. They also need to continually train and retrain existing staff about best practices for staying safe and properly implementing technologies. Artificial intelligence tools are helping scan for vulnerabilities and suspicious activity, but cyber criminals will always find plenty of traction in tricking humans. Phishing is the jumping off point for many successful scams and ransomware attacks, with one email fraud incident costing a New Hampshire town $2.3 million. Agencies, therefore, must keep employees cyber awareness fresh.

Not all cyber risks come from deliberate, malicious action, either. Staffs technological mistakes can also be devastating, with failures to adhere to the correct procedures resulting in the Dallas Police Department permanently deleting troves of case materials and Wyoming leaking residents health data, to name just two 2021 examples.

Agencies are becoming more attuned to the need to safeguard residents privacy, whether through security measures intended to thwart data breaches or by simply avoiding ever collecting or retaining information beyond whats strictly necessary. States continued to add chief privacy officer posts in 2021, underscoring the growing attention put on such concerns.

State and local governments are still grappling with unfounded allegations of 2020 voting fraud, with Maricopa County, Ariz.s widely panned Cyber Ninjas election audit only concluding in September, and Wisconsin and Pennsylvania looking to launch their own.

Meanwhile, mis- and disinformation aimed at undermining trust and misleading voters spurred the Jan. 6 insurrection and death threats against election workers. Advocates in 2021 have increasingly drawn attention to how social media platforms amplify falsehoods, and combatting false information as well as curbing other social media harms will remain a major concern of policymakers.

Go here to read the rest:
Did the Cybersecurity Stakes Get Even Higher in 2021? - GovTech