Zero-Trust Cybersecurity Is on the Horizon for State and Local Governments
April Miller is a senior technology writer at ReHack Magazine. She is particularly passionate about sharing her expertise with people in professions such as government and education, helping them implement technology into their professional lives to increase their productivity, efficiency and personal enjoyment of their work.
State and local governments are changing their approach to cybersecurity as threats continue to rise. National and industry leaders are encouraging all levels of government to begin utilizing zero-trust cybersecurity strategies. These tactics represent a significant shift from traditional methods, where information is now protected at every possible access point.
What Is Zero-Trust Cybersecurity?
Zero-trust cybersecurity takes the motto of “never trust, always verify,” which is just what state and local governments need today. No individual, device or browser is automatically trusted, even if there has been a previous successful login. Every attempt to access information must be securely verified.
The three pillars of zero-trust security are continuous verification, limiting the “blast radius” of attacks and automation. Validation at every step makes it as challenging as possible for hackers to exploit any login credentials they manage to obtain. Strategically segmenting networks and data ensures the effects of any breach can be contained so an attack only penetrates a small section of information. Every device, site and application is assumed to be connected and treated with the same strict security standards.
Automation and AI have found their way into zero-trust techniques, as well. Behavioral analysis is used to detect threats around the clock. For example, a security AI model that recognizes an unusual login location or IP address for a certain user could flag a potential breach attempt.
Zero-Trust Is Imperative for Safety
There has never been a more urgent moment for state and local governments to bolster their information security. The COVID-19 pandemic has forever changed how the world handles cybersecurity. IT departments and CISOs worldwide faced serious challenges with the sudden shift to remote work. Cybercriminals took advantage of this opening, sparking a 59% surge in phishing schemes and a 36% increase in malware and ransomware attacks.
The global pandemic and remote work have lingered into 2022, and long-term changes are needed in security. The Biden administration has released guidelines for government cybersecurity standards, supporting a strict zero-trust approach. The recommendations have even been followed with an executive order that gives federal agencies until 2024 to update their cyber defenses.
While the Biden administration’s executive order does not apply to state and local governments, officials at all levels would be wise to implement the White House’s zero-trust policies. On one level, agencies must communicate and collaborate with the federal government regularly. As a result, state and local officials and staff are responsible for keeping the data that passes between them secure.
On an even more pressing level, governments have become prime targets themselves for cyberattacks. This may partly be because criminals anticipate federal agencies having stronger defenses than lower-tier networks. State and local governments often lack the resources federal agencies might have for combating cyberattacks, making it easier for malware and ransomware attacks to succeed.
Zero-trust cybersecurity takes the motto of “never trust, always verify,” which is just what state and local governments need today.
Strategies for Zero-Trust Security
Any sized organization can implement zero-trust cybersecurity. Some techniques require or at least benefit from purpose-built software, but anyone can use basic zero-trust strategies. A great example is multifactor authentication (MFA). This login technology has become popular among consumers as well as industry leaders. The simple act of verifying every single login attempt with another device or credential adds a powerful layer of security.
An important starting point for state and local governments is educating officials and staff on zero-trust policies and best practices. Some of the biggest data breaches in history resulted from a single user’s poor security practices. For example, an employee at cloud storage provider Dropbox reused passwords on their company accounts, a weakness that allowed 60 million users’ data to be compromised.
Simply training all team members in government offices to utilize good security practices can make a world of difference. Also, consider implementing regularly scheduled password changes. Each employee must change their passwords for specified sites and applications every few months. This way, if login credentials are unknowingly compromised, there’s a narrow window of vulnerability.
Security experts also recommend that state and local governments invest in security software and network segmentation. It may seem like a hassle, but network segmentation is crucial for limiting the blast radius. This technique will ensure state and local governments have their data organized and stored so that a breach in one chunk does not compromise an entire network.
Increasing Security With Zero-Trust
Americans are becoming increasingly more skeptical of government organizations’ data security, with fears of election hacking making headlines. Officials should implement zero-trust to reassure citizens that their information is safe. Bringing zero-trust cybersecurity to the state and local level is the key to protecting invaluable data and instilling trust in the security of government offices at all levels.