by John Evans, Field Chief Technology Officer, State & Local Government, World Wide Technology for MeriTalk

It was previously assumed that nation-state actors primarily targeted federal agencies or major enterprises for their national secrets or big-ticket data, rather than investing the time, money, and resources attacking smaller organizations like local or even state governments.

In recent years, however, attacks against these agencies have increased, signaling a shift in the entry points threat actors are targeting. Last year's attacks on U.S. critical infrastructure by Volt Typhoon suggest this switch has been in the works for considerable time.

These attacks will continue to increase in complexity and volume, especially as AI removes barriers by requiring less time and fewer resources to deploy complex tactics. It is therefore necessary for state and local government IT leaders to assess their current security architectures to ensure they are fully fortified and prepared to mitigate these growing threats.

Challenges in Bolstering Security

While cyberattacks against state and local governments grow in volume and complexity, agencies are conversely facing staffing shortages and budget constrictions, making it challenging for them to detect these threats and take appropriate action. AI complicates this issue further, as it helps malicious actors broaden their scope of targets with minimal resources while decreasing their time to attack.

Federal support through agencies like the Cybersecurity and Infrastructure Security Agency (CISA) has previously bridged this gap for many state and local agencies by providing real-time advisories and guidance on persistent and upcoming threats. However, as federal security initiatives shift, and with some federal grants set to sunset in 2027, many agencies are exploring how to take greater responsibility in detecting and responding to malicious actors.

Tips for Developing Robust Security Architectures

While it's tempting to match growing threat complexity with new and intricate defense plans, state and local agencies must first focus on getting the basics right if they want to stay ahead of hackers.

Read full article