An audit of Mississippi government institutions has revealed an alarming lack of compliance with standard cybersecurity practices and with the state’s own enterprise security program. A survey of 125 state agencies, boards, commissions, and universities conducted by the Office of the State Auditor (OSA) revealed that only 53 had a cybersecurity policy in place. Eleven reported having no security policy or disaster recovery plan whatsoever.
Sadly, most governmental agencies in the US and Europe are similarly underprotected. Governments usually lack financial resources and are unable to compete effectively in the market for cybersecurity talent. Moreover, purchasing and procurement processes are usually quite complicated and slow, exacerbating the situation. Hierarchy is likewise complicated, obscuring accountability and responsibility for cybersecurity.
Cybercriminals widely regard government as low-hanging fruit, running targeted attacks and ransomware campaigns against it. Worse, most of the data-theft attacks are sophisticated enough to never get detected and reported, unlike the rather “noisy” ransomware incidents.
Simplification of internal processes, a budget increase, holistic visibility of digital assets and continuous security monitoring are all indispensable for the government to survive in the hostile digital environment.