Cybersecurity skills shortages are nothing new. But new research shows that they are creating recruiting chaos.

Targeted campaigns by malicious actors have become commonplace. As recent breaches show, these threat actors can stay hidden on agency networks for long periods of time, assessing your systems and looking for information to exfiltrate. We call them the enemy with no face.

  Identity management, the process of identifying individuals in your system and controlling the access they have to certain resources, is an area of cyber security that state and local government employees have quite a bit of confidence in. Yet data shows there’s room for improvement.

DLT partner, Symantec, has put together a list of seven items you must add to any incident response plan. Here’s how it translates to government agencies. 1. Have a Workable Plan

It will come as no surprise to anyone that 2016 saw an alarming increase in targeted attacks aimed at politically motivated sabotage and subversion. This new level of ambition by cyber criminals is corroborated by the annual Internet Security Threat Report from DLT partner, Symantec. The perceived success of several campaigns – particularly the U.S.

As the worldwide fallout of the WannaCry ransomware virus continues and the blame game starts, the worldwide attack underscores the need for basic security hygiene, updating of operating systems, and regular patching writes DLT Chief Cybersecurity Technologist, Don Maclean.

What does privilege have to do with your agency’s security controls? The fact is that most data breaches start with privilege abuse. Think Edward Snowden. In the wake of his leaks, the NSA pledged to reduce system administrator privileges by 90%. Then there are outsiders. Most recent federal data breaches originate from attackers who exploited the login accounts of employees or contractors to gain access to sensitive data.

In our recent webinar, three industry experts dissected the recently revised primary standard for security controls for federal information systems, NIST 800-53 revision 4. As more agencies in the public sector and their partners move to the cloud, security remains a top concern. Thought leaders from DLT, AWS and Evident.io exchanged perspectives on what NIST 800-53 compliance means for government agencies and private organizations alike.

While much of the focus on cybersecurity risks has been focused on prevention and detection, many organizations are quickly discovering that threat hunting is the next step in the evolution of their security operations center (SOC).

Cyberattacks on the application layer are becoming more commonplace than attacks on servers, according to a survey of IT professionals by DLT partner, Veracode. The problem is that traditional security methods are largely ineffective against these application layer attacks. But despite this increase, it’s important to maintain perspective.

Is your state or local agency ready for the cloud? Whether you’re thinking of moving to a SaaS email system or migrating data to cloud storage and processing platforms, a cloud readiness assessment might be in order. Before you make the move to the cloud, risks need to be assessed and technical readiness must be considered. In-house expertise must be aligned and security concerns overcome. Then there’s the matter of data governance. Not forgetting your procurement team who must familiarize themselves with cloud models, contracts, and billing.

Transitioning to the cloud? Chances are, when you make the transition, you’ll take baby steps – assessing your workloads in totality and individually, determining the most efficient platform, preparing thoroughly and then migrating just that workload, then the next, and so on. It’s standard procedure and is the best way to proceed with minimal risk. What you’ve done here is create a hybrid environment. Most of your IT is still on-premise, but certain workloads are in the cloud. And it’s likely to stay that way.