By Oregon Tax News,
The Oregon’s Secretary of State Department’s website was breached by international hackers. The attack, which likely originated in China or North Korea, raised serious questions about the safety of personal information in the hands of state government. Oregon, like other states, is increasingly vulnerable to data breaches.
According to recent report from the National Association of State Chief Information Officers, cyberattacks targeting state government are growing in number and sophistication. Attacks occur daily but they are not necessarily the same thing as a breach. When breaches do occur they cost states millions of dollars to fix, often affect millions of residents, and undermine public confidence in the ability of government to protect citizens against cybercriminals. State governments are perfect targets for information-hungry cybercriminals. Their sites contain a trove of valuable information on residents and businesses, holding comprehensive repositories of personal data, including tax returns (an all related personal information), and even health records. The report underscores the growing challenge faced by state governments to protect their databases from hackers, and sheds light on the magnitude of the problem.
• For the most part, all states are getting hit daily by hackers. These attacks are wide-ranging and can evolve very quickly, making them difficult to contain.
• California’s state government sites experienced nearly 7,500 cyberattacks in less than a year’s time, which cost the state $5 million to fix.
• A breach last June of Montana’s Department of Public Health and Human Services affected 1.3 million people.
• In Washington, the state’s court system was hacked, compromising the social security numbers and drivers’ licenses of as many 160,000 people.
• Pieces of personal information are sold on the black market and have a price. For example, a person’s credit card information is sold for $1, while the going rate for someone’s health record is 10 times that figure at $10.
• Unsuspecting state employees are often the conduit through which hackers enter a government data system.
The report also surveyed states’ information and security officers to gauge whether states are prepared for the increased cybercriminality directed at public sector websites. Less than 25 percent of those surveyed indicate a high confidence level in their state’s ability to prevent breaches. Part of the problem lies in states’ ability to keep highly-trained personnel. Fifty-nine percent of information and security officers indicate a shortage on related manpower. Pay for cybersecurity professionals is significantly higher in the private sector. In some cases, states hire and train skilled information officers, who then take their skill to a more lucrative business.
There is no silver-bullet solution for state governments. Possible ways to improve state cybersecurity include:
Employee Training. As hackers become more sophisticated in their phishing and pharming scams, state employees must be trained to identify and avoid potential hackers. This is a major undertaking given the size of many state governments. Texas, for example, has 336,000 state employees.
Increased Budgets. Many state governments’ resources may not be sufficiently proportionate to the emerging threat. The federal government spends 11 percent of its information technology budget on cybersecurity. By contrast, at roughly half of states devote only one to two percent of their related budgets to similar efforts.
Military Veterans. To overcome the shortage of qualified IT professionals, state governments are turning to former military personnel, hoping to supplement their threat analysis expertise with IT skills and appeal to their sense of duty.