February 21, 2022
Cyber-attacks on government entities are increasing at a rapid pace. Cybercriminals consider municipalities low-hanging fruit due to the highly sensitive data kept on their systems (voter records, tax information, and social security numbers) and the publicity they can gain from shutting down a governmental system. A recent report titled “The Economic Impact of Cyber Attacks on Municipalities” from KnowB4 found:
As part of improving your security posture, implementing zero-trust can boost your cybersecurity efficacy by 144%, according to one report. Zero-trust is a simple concept at its core – any network traffic (regardless of internal or external) is considered untrustworthy until it’s been verified and users have been authenticated. Although the zero-trust approach primarily focuses on data and service protection, it should be expanded to include your enterprise assets (devices, infrastructure components, applications, virtual and cloud components) and other systems requesting information.
Key tenants include:
All data sources and computer services are considered resources
All communications are secured regardless of network location
Individual enterprise access to resources is granted on a per-session basis
A dynamic policy determines access to resources
The enterprise monitors and measures the integrity and security posture of all owned and associated assets
All resource authentication and authorization are dynamic and strictly enforced before access is allowed
The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture.
Municipalities and state governments can start by evaluating their current security processes and procedures. To help Michigan municipalities improve their overall security posture, the State of Michigan, through the Michigan Cyber Partners, issued a competitive Request for Proposal to pre-qualify vendors to provide an independent cyber security assessment. This service offers a streamlined and cost-effective approach to help you move towards zero-trust. Dewpoint security consultants are available to discuss all of your cybersecurity needs. We work as your cybersecurity partner to protect your entity so you can focus on serving your constituents.