There is no question: the cyber threats targeting America’s state and local governments, schools and universities, and public healthcare institutions are more persistent and sophisticated than ever before. While COVID-19 has brought certain cybersecurity challenges to the forefront, like those associated with this year’s surge in telework, many of the threats we see today are not new, just magnified.
Last year, for example, nearly one thousand public sector organizations were hit with ransomware attacks in the United States, costing upwards of $7.5 billion, according to Emsisoft. In total, U.S. public sector organizations suffered more than 23,000 cyber incidents in 2019 according to another report from Verizon – and those are just the publicly reported numbers.
Despite its resilient cyber posture, Arizona has not been immune to this trend. Last September, ransomware infected the Flagstaff Unified School District and, though the impact was quickly contained, the school district did have to cancel all classes for two days. Other states have not been so fortunate. A ransomware attack on the City of Baltimore last year, for example, cost an estimated $18.2 million in damages and downed critical constituent services, like real estate transactions and water billing, for months.
COVID-19 has only served to exacerbate this already complex cyber landscape, prompting a surge in the quantity and sophistication of phishing attempts and other attack vectors, both nationally and across Arizona. Unfortunately, some states have been targeted successfully, with cities in California and North Carolina both suffering ransomware attacks this March.
In large part, cybercriminals’ efforts have focused on employees navigating the new realities of remote work, including learning how to protect their work devices and data while far from the office. Internet technology teams, in turn, have had the unenviable task of enabling safe and secure telework capabilities, like virtual private networks (VPNs), and deploying collaboration applications, like Google Meet, Microsoft Teams and Zoom.
Amid these challenges, Gov. Doug Ducey and his administration have worked closely across our state agencies and with our counties, municipalities, and school districts to ease that initial government transition to telework in March and ensure Arizona did not become just another cyber statistic or headline. A great deal of that success was a result of steps the Arizona Department of Administration (ADOA) took last year to shore up our state’s digital resiliency, including mandating annual cybersecurity awareness training for every single state employee.
With such a mandate in place, ADOA has grown its cybersecurity team from 16 cyber professionals to 36,000 “human firewalls.” That all-hands-on-deck approach is critical when you consider that nearly 99% of all successful ransomware attacks rely on a victim to click a malicious link or download an infected file. Though people will likely always be the weakest link in any organization’s cyber protection posture, every effort must be made to fortify those links with the right education and resources to protect organizational devices and data from compromise.
As we wind down National Cybersecurity Awareness Month, now is as opportune a time as ever to remember that ensuring Arizona’s digital resilience will take constant and consistent work, not just during this pandemic but long after. Cybercriminals’ tactics are getting more sophisticated over time, often with the backing and funding of nation states unfriendly to America or organized crime syndicates. Countering such threats will take continued investment in cyber resources, cyber professionals, and the right cyber protection tools, so that organizations of all shapes and sizes – from the smallest K-12 school district and town to the largest statewide agency – remain #CyberFit.
Amid a sea of pressing COVID-19-related concerns, from healthcare to the economy, Arizona’s cyber vigilance must remain an urgent priority, whether you hail from the private or public sector. Cybercriminals have shown they will not let up, no matter the circumstances. We cannot, and will not, let up either.
Tim Roemer has served as Arizona’s Chief Information Security Officer since his appointment by Governor Doug Ducey in July 2019.
John Zanni is the CEO of Acronis SCS, a Scottsdale-based cyber protection and edge data security company serving the US public sector.