The White House’s ambitious national cyber strategy—which represents a shift away from decades-old voluntary compliance guidelines to a more aggressive regulatory approach to critical infrastructure firms—couldn’t come at a better time. A recent study found that local governments were the organizations least capable of disrupting ransomware attacks, and that they were also among the ransomware victims that paid ransoms most frequently (43% paid a ransom after an incident). Our own report on critical infrastructure explored the rising number of nation-state attacks, largely due to Russia’s ongoing war in Ukraine. Critical infrastructure and entities in the financial and public sectors are the backbone of society, and for society to function, the public needs to trust that these services and institutions are safe.
As part of our mission to make the world a safer place, last year, SecurityScorecard partnered with the National Association of Counties (NACo) and the Conference of State Bank Supervisors (CSBS). NACo serves 40,000 county elected officials and 3.6 million county employees. By partnering with SecurityScorecard, NACo members have taken advantage of our cybersecurity tools and services to evaluate supply chain risk, improve compliance, inform cyber insurance underwriting, and simplify board reporting. The CSBS is the national organization of bank regulators from all 50 states, American Samoa, District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands. SecurityScorecard provides CSBS with support for state financial regulators through insights on the cybersecurity health of state financial institutions and access to our leading cybersecurity ratings technology. These alliances have enabled us to share critical cyber threat information with key institutional partners, while ensuring they have access to real-time data to monitor and protect critical assets.
SecurityScorecard’s partnership with NACo today
Since partnering with NACo, SecurityScorecard has attended the NACo Legislative Conference in Washington, D.C., where we presented our research, “Applying Machine Learning to Understand Cyber Risk.” This presentation outlined how our global data collection network informs our risk intelligence platform, and the role artificial intelligence (AI) and machine learning (ML) play in the attribution methodologies underlying our digital footprint, issue detection, and evolving Scorecards.
Additionally, we highlighted issues of vendor management and third-party risk. With 60-70% of cyber incidents originating in the vendor ecosystem, it’s key to have an automated, robust third-party risk management (TPRM) program in place to identify and address cyber risk. Not only will a strong TPRM program reduce risk and ensure accountability and compliance, it will also free up organizations’ resources to focus on delivering services and innovation.
SecurityScorecard’s partnership with CSBS today
State regulators have an important mandate that requires them to protect consumers, ensure the safety and soundness of their institutions, and promote economic growth. The recent collapse of two regional banks—and the resulting panic—has demonstrated all too well how easily a lack of trust in financial institutions can spread. The partnership with SecurityScorecard has allowed the CSBS to monitor the cyber health of multistate financial institutions, and share information about these entities with relevant state regulators. This will ultimately save time and resources while boosting the agency’s overall cyber resilience.
The CSBS has also voiced its support for The Bank Service Company Examination Coordination Act, a bipartisan piece of legislation that would authorize coordination between state and federal regulators in the supervision of third-party service providers. The passage of this bill, seen by most as common-sense legislation, would increase information sharing and regulatory coordination, allow more efficient use of limited resources, and create a safer cybersecurity environment for the banking sector.
Harnessing automation to improve public sector security
Looking ahead, automation will be key to the future of fighting cybercrime in the financial sector and at the local government level. Organizations can automate and scale many of the functions in their vendor risk management programs with security assessments, which complement security ratings for a complete inside-out view of vendor risk. Using automation and machine learning to validate vendor responses will shorten the assessment process by as much as 83%.
Overcoming the technical resource deficit will also be critical for the public sector in combating ransomware and other cyber incidents. To that end, last year the DHS established the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP), with $1 billion over four years to help state, local and tribal governments address cybersecurity risks.
To prevent ransomware attacks and other types of cyber intrusions on local governments, institutions must have up-to-date cybersecurity tools and universally adopted cyber hygiene practices. SecurityScorecard has tools to help prevent and respond to these types of incidents. Continuous monitoring in our ratings platform can identify the blind spots in your digital footprint and help protect the attack surface from every angle. In the event of a confirmed or suspected ransomware attack, our incident response and digital forensics teams provide support. Other offerings include Cyber Risk Intelligence as a Service (CRI) and Attack Surface Intelligence (ASI).
For more information on how to better secure your organization, visit SecurityScorecard.