Governor Kathy Hochul recently unveiled New York’s first-ever state-wide cybersecurity strategy, intended to protect the state’s digital systems and infrastructure from the ever-growing presence of cyber threats. This initiative is expected to modernize government networks, establish digital protections at the county level, ensure safeguards for critical infrastructure, and renew the state’s commitment to assisting local governments through the acquisition of strategic technologies that can be deployed across all levels of government.
This cyber strategy comes at a crucial moment for state and local entities. In a 2021 letter to Congress, representatives from the National Governors Association, the National Association of Counties, the United States Conference of Mayors, and other organizations pointed to the increasing number of ransomware attacks noting that the evolution of cyber incidents has progressed from “digital consequences to sophisticated strikes intended to threaten the health and safety of our nation’s citizens.” And a recent study found that local governments were the organizations least capable of disrupting ransomware attacks, and they were also among the ransomware victims to pay ransoms most frequently (43% paid a ransom after an incident).
A cyber strategy in the national interest
As one of the most populous and economically powerful states in the U.S., the importance of protecting New York’s cyber resilience goes beyond the state level — it’s also a national security issue. Cyberattacks have emerged as one of the most significant threats to our country. We must do everything in our power to continue strengthening our nation’s cybersecurity, which means giving state and local governments the resources to build and enhance their cyber defenses.
Governor Hochul will prioritize assessing and reporting on the effectiveness of implementation. To that end, transparency and metrics will be key to measure and communicate about risk in the state objectively. Cybersecurity ratings offer an outside-in view of an organization’s risk posture and threat landscape and give organizations a means for objectively monitoring their security hygiene and that of their vendors. They also help stakeholders at all levels gauge where their security efforts are improving or deteriorating over time.
Improving cyber resilience to protect critical infrastructure
The complexity of the IT ecosystem is enormous. Yet companies and government regulators too often have little-to-no information about the security of critical vendors, partners, and agency assets. Our recent report with The Cyentia Institute revealed that 61% of public sector agencies have open cyber vulnerabilities, taking a median of 309 days to remediate them. And the report on critical infrastructure that we released at this year’s World Economic Forum found that cyber resilience is getting worse, not better. To ensure the continued safety of our critical infrastructure systems and protect national security, we must foster close relationships and increased communication between the public and private sectors. Leaders at all levels of government and enterprise have recognized the value of greater use of consistent measurement to calculate, measure, and demonstrate progress in reducing risk exposure.
The right tools to increase cyber resilience
Institutions must have up-to-date cybersecurity tools and universally adopted cyber hygiene practices to prevent ransomware attacks and other cyber intrusions on local governments. To prevent and respond to these types of incidents, SecurityScorecard has the tools to help. Continuous monitoring in our ratings platform can identify the blind spots in your digital footprint and help protect the attack surface from every angle. In the event of a confirmed or suspected ransomware attack, our incident response and digital forensics teams provide support. Other offerings include Cyber Risk Intelligence as a Service (CRI) and Attack Surface Intelligence (ASI). SecurityScorecard is committed to working with all levels of government, private sector owners, and operators of critical infrastructure to ensure we measure what matters most and help drive progress. Together, we can make the world a safer place.
