Comment: US Government Institutions Not Complying With Cybersecurity Laws

By ISBuzz Team
Writer, Information Security Buzz | Oct 14, 2019 06:09 am PST

An audit of Mississippi government institutions has revealed an alarming lack of compliance with standard cybersecurity practices and with the state’s own enterprise security program. A survey of 125 state agencies, boards, commissions, and universities conducted by the Office of the State Auditor (OSA) revealed that only 53 had a cybersecurity policy in place. Eleven reported having no security policy or disaster recovery plan whatsoever.

Ilia Kolochenko, Founder and CEO
October 14, 2019 2:12 pm

Sadly, most of the governmental agencies in the US and Europe are similarly underprotected. The government usually lacks financial resources and is unable to effectively compete on the market for cybersecurity talents. Moreover, purchasing and procurement processes are usually quite complicated and slow, exacerbating the situation. Hierarchy is likewise complicated, obscuring accountability and responsibility for cybersecurity.

Cybercriminals widely regard government as low-hanging fruit, running targeted attacks and ransomware campaigns against it. Worse, most of the data-theft attacks are sophisticated enough to never get detected and reported, differently from quite “noisy” ransomware incidents.

Simplification of internal processes, budget increase, holistic visibility of digital assets and continuous security monitoring are all indispensable for the government to survive in the hostile digital environment.
