Vulnerability in SLED: How the Threat Landscape is Changing to Target Education, Small Municipalities
The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.
Ransomware attacks on US government organizations cost $18.9bn in 2020.
TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.
2022 is ending, and it is time for U.S. public sector leaders to reflect on lessons learned while planning for the upcoming state and local government fiscal year-end. This year’s NASCIO Annual Conference highlighted the post-pandemic technology trends and challenges that are defining 2023 policy agendas and the future of technology acquisitions. The conference referenced the State Chief Information Officer Survey which assessed state CIOs’ thoughts on a wide array of topics that affect their roles as public sector technology and business leaders in today’s modern world.
The U.S. electric grid is critical infrastructure consisting of an ecosystem of communities, stakeholders, governments and economies. Most of the grid infrastructure was built decades ago and is unreliable. Bad actors know it. In 2015, Russian hackers carried out the first successful cyberattack on the nation's electricity grid, which was just one of an ongoing series of security breaches and attacks on US infrastructure and utilities.
Government organizations have a bad rap for being inefficient. But with outdated technology and limited spending, they aren’t exactly set up for success. And the expectations from stakeholders are high, with funding provided primarily by taxpayer dollars.
As government agencies and organizations look to modernize their technology stacks to keep up with changes in the workforce, aging solutions, and closing contracts, they’ll all set out with a similar process: submit an RFP, review submissions, and choose a vendor. Seems simple enough.
But what government CIOs often don’t realize is that requiring proven, specific use cases may be limiting what their new (and likely expensive) technology investment can do for their organization. Here’s what I mean.
This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control.
This three-part blog series will explore threat-based methodology and how it benefits every company with a network. The series leverages the analysis presented by the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) in conjunction with the National Institute of Standards and Technology (NIST).
The 2022 fiscal year-end is drawing near for 46 states, which means the time to leverage last-minute opportunities is coming to an end as state, local and education (SLED) organizations set their sights on next year’s budget and priorities. With FY23 just around the corner, SLED organizations will start executing on budget plans and drafting request for proposals (RFPs).
In this Q&A discussion, the former Chief of People and Culture shares her insights into employee and customer experience in government, along with tips to improve both areas.