In this case, the 30-page report does this by splitting information into key areas, including:
- An assessment of available resources to address the impacts of cybersecurity incidents
- Recommended preventive and recovery efforts
- An evaluation of the state’s shared information security resource assistance program
- A review of existing cybersecurity-related statutes
- Legislative recommendations to protect the state against adverse impacts of cybersecurity incidents
With that said, DIR’s first recommendation involves identity management.
According to the report, identity fraud cases are up more than 70 percent since 2020, with an estimated $5.8 billion in losses in 2021 alone. As a result, the agency recommends implementing identity management practices, such as multifactor authentication, to help protect entities against unauthorized users gaining access to the system and stealing valuable data.
Second is creating an inventory of all devices, software, data and virtual assets.
The reason for this, the report says, is to determine what should and shouldn’t be included in an organization’s network. By identifying these areas, government entities can have more visibility into the systems and devices that send, receive, process and store sensitive and confidential data to help officials make informed decisions about how networks are used.
Third is defending against ransomware attacks.
At its core, a ransomware attack uses data encryption to prevent an organization from accessing its files and systems. Attackers will usually demand some sort of payment in exchange for the information they are holding hostage. To avoid this, DIR recommends having complete backups that are tested routinely and stored physically and separately from all other production systems.
Also recommended is providing training to staff so they can identify and report suspicious emails that pose ransomware risks, along with incorporating endpoint detection and response tools to reinforce defenses.
Fourth is incorporating cybersecurity training.
According to the report, IT, finance, purchasing and executive staff are frequently targeted in cyberattacks. As a result, DIR recommends providing executive-focused or role-based cybersecurity awareness training programs to help employees recognize suspicious activity and react accordingly.
One example the report provides on this topic is attackers using social engineering attacks designed to reroute payroll and vendor payments to their own accounts.
Fifth is vulnerability management and secure configuration.
Due to the rapidly changing cybersecurity threat landscape, DIR recommends that organizations adopt a routine schedule of technical and non-technical assessments of their security posture to help them identify and prioritize potential weaknesses.
For DIR, this involves implementing security services such as network and web application penetration testing, mobile application penetration testing, vulnerability scanning, security event and incident monitoring, and security assessments.
Sixth is ramping up cloud security.
According to the report, in the last 18 months, 79 percent of companies experienced at least one cloud data breach, with 43 percent reporting 10 or more breaches in that time. As a result, the agency recommends increasing cloud security. In DIR’s case, the state’s Risk and Authorization Management Program, also known as TX-RAMP, provides security and privacy controls for all U.S. federal information systems except those related to national security.
These controls ensure that all outstanding compliance issues and vulnerabilities are identified, documented, tested, and resolved promptly.
Lastly, the report recommends improving boundary defense and visibility; secure application development and testing; incident response planning and exercises; and third-party information security.
By incorporating all of these recommendations, organizations can reduce risks, increase information security capabilities and create a quicker and better response to security threats.