The State of Cybersecurity in the States

State and local agencies are some of the most attractive and vulnerable targets for cyber criminals. In 2023, malware attacks increased by 148%, and ransomware incidents increased by 51%. These agencies are targeted because they hold valuable personal data on citizens and control critical services--yet their security efforts have historically been underfunded and under-resourced. However, the tide may be changing.

A report on the ransomware experiences of state and local government in 2024 showed a dramatic decrease in the number of those organizations that were impacted this year. The report found ransomware attacks impacting 34% of state and local governments, marking a sharp decrease from the 69% affected in 2023. Let's take a look at some of the trends and activities that are fueling the improvement in state and local cybersecurity. Continue reading

How the Healthcare Industry Is Working to Become Immune to Ransomware

The first known ransomware attack occurred in 1989 and was targeted at the healthcare industry. The attention and attractiveness of healthcare organizations to ransomware hackers have not waned in the decades since. In fact, attacks are growing by 70-100 percent year over year. In 2023, there were over 460 ransomware attacks impacting U.S. health organizations, making it the most targeted industry.

This year, a major attack delayed prescription fillings and led to cash flow issues at facilities across the country. The American Healthcare Association said that 94% of hospitals have reported financial impact from the incident, with some losing upward of $1 billion per day in revenues. Continue reading

Department Spotlight: Health and Human Services

In its work to "enhance the health and well-being of all Americans," the Department of Health and Human Services (HHS) oversees more than 100 programs across 13 agencies. Ten of these agencies are focused on public health, with three having human services as their main mission.

Across all of these agencies, there is a shared focus on the secure and ethical use of technology to improve public health and wellbeing. In 2023, HHS had an IT budget of $8.5 billion. Despite this spending, HHS has struggled to meet federal requirements. It did not score well on a cybersecurity audit, partly due to a lack of coordination among the operating units. Continue reading

Agency Spotlight: Environmental Protection Agency

The Environmental Protection Agency's (EPA) mission is to protect human health and the environment. That is accomplished through a number of key efforts, including developing and enforcing regulations, providing grants, studying environmental issues, sponsoring partnerships, and educating the public about the environment through programs and publications.

While the mission of the EPA is decidedly focused on the health of the earth, the challenges it addresses are increasingly coming from cyberspace, with cyber threats becoming a key focus of organizations utilizing natural resources. Continue reading

The Lesser Known Missions of Homeland Security

The mission of the Department of Homeland Security (DHS) is widely understood, "to safeguard the American people, our homeland, and our values." However, in carrying out this mission, DHS touches a number of areas that may not seem intuitively tied to homeland defense but are nonetheless critical challenges facing the nation as well as agencies across government.

Artificial Intelligence

DHS has a key role in securing the homeland from cyber threats. The department's Cybersecurity & Infrastructure Security Agency (CISA) is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. With this responsibility, CISA and other DHS agencies play a key role in shaping policy and guidance around emerging technology use. Today, they are keenly focused on helping agencies safely and ethically use Artificial Intelligence (AI) to improve mission effectiveness.

DHS is leading by example. AI is currently being used to aid border-patrol efforts, combat drug trafficking, and create age-progression estimations of missing children. While implementing AI itself, DHS is also focused on how adversaries may use AI and creating ways to defend against the technology being used to spread disinformation, create more advanced cyber attacks, or speed the development of weapons. Continue reading