Study: ‘Fivefold’ Increase In Phishing Attacks On State And Local Governments In Past Three Years

The National Association of State Chief Information Officers reports a significant increase in ransomware in state and local government but notes that, while states may still be searching for ways to pay for security, the good news for MSPs is that they appear to be outsourcing more of their IT needs.

The cybersecurity threat to state and local governments has never been greater, with a “fivefold increase in phishing attacks in the last three years,” said Doug Robinson, executive director of the National Association of State Chief Information Officers (NASCIO).

“In today’s environment, the bad actors are actually supporting ransomware because from a criminal standpoint, it’s easier to monetize ransomware than it is to steal all your data and sell it on the black market,” he said. “So what we’re seeing is the increase in ransomware is pretty substantial, particularly in those states that aren’t mature.”

Robinson spoke to a room full of MSPs who work with state and local governments during a panel at XChange 2019, hosted by CRN parent The Channel Company, and presented them with findings from recent NASCIO studies. Those figures showed that while states are improving their security posture, budgetary constraints and talent acquisition remain the top two barriers to creating a robust defense.

NASCIO tracked the maturity of states’ cybersecurity programs from 2013 to 2018 and found significant growth in key areas such as developing awareness training for employees and contractors. That area grew from 78 percent of states saying they had training in 2013 to 98 percent in 2018. The study measured growth in creating a strategic plan around cybersecurity, which grew from 61 percent adoption to 85 percent. Cyberattack insurance adoption went from not being a category in 2013 to 42 percent in 2018.

However, while states may still be searching for ways to pay for security, the good news for MSPs is that states appear to be outsourcing more of their IT needs. When NASCIO asked states how they planned to deliver or obtain IT services over the next three years, 57 percent said they planned to expand outsourcing, and only 10 percent of CIOs planned to expand state hiring of IT staff.

“No one has a set target,” Robinson said, “regardless of what the number is. The trend is clear and that is they continue to move towards more outsourcing, more managed services, more x-as-a-service, whether it’s platform, software.”

Alvin Myers, president and COO of United Systems, an Oklahoma City, Okla.-based MSP that does about 70 percent of its business in the K-12 market, said he hopes to see states take advantage of the private sector talent pool that is waiting to be tapped.

“We believe we have a lot to offer,” he said. “We believe we can be more cost-effective because of the efficiencies that we built into our process.”

Myers said the presentation gave him some insight into translating that message to state and local governments in a way that could drive sales.

“We’re always talking about how you can buy something that’s cheap but you may not get what you want out of that cheap product or service,” he said. “So, it’s given me a little bit of an idea to play on that when we’re presenting our capabilities and service, [here is] what you’re really getting, as opposed to what you are paying for.”

Paul Karch is the founder and CEO of Gardant Global, which has offices in Boca Raton, Fla., and Arlington, Va. Gardant Global works to bring technology companies into state and local markets. He believes one major problem facing states is their failure to specifically budget for security.

“You look at the cybersecurity issues and it’s an unfunded mandate,” he said. “No one is funding it. So they’re mandating that all the agencies have protection, but no one is paying for it. The state should come through and say we’re going to offer $30 million for cybersecurity for the agencies on an annual basis, end of story.”