Public Sector Cybersecurity Weekly Briefing 05-04-2018

GDPR — Another Y2K or Real Apocalypse?
If you’ve been in this business long enough, you will have lived through multiple hype cycles. They start with some vaguely defined problem that, if not addressed, will lead to the end of the world, or at least the end of your and your organization’s world. We’ve seen this before, and now we’re about to see another wave of hype from GDPR, the EU’s latest personal privacy regulation, set to take effect on May 25, 2018. The world is holding its breath for that day, much as we held our collective breath on New Year’s Eve in 1999 for another hyped event: Y2K. After our own thorough evaluation of the GDPR security requirements, we’ve compiled the essential information U.S. companies need to know.

Atlanta’s Recovery Highlights the Costly Mistake of Being Unprepared
Now, in the aftermath of the Samsam incident, it was recently revealed that the city of Atlanta earmarked $1.4 million for recovery and incident response. While it might not spend all of the money, the allocated funds tell a powerful story about clean-up and preparedness when it comes to security. Originally, it appeared that Atlanta had posted final figures, but when speaking to ZDNet, a city spokesperson said the figures listed on the city’s procurement portal were projected expenses that were not to be exceeded.

Local Governments’ Cybersecurity Crisis in 8 Charts
And they are more evidence of the poor, if not appalling, state of local government cybersecurity in the United States. We know this because in 2016, in partnership with the International City/County Management Association, we conducted the first-ever nationwide survey of local government cybersecurity. Among other things, the survey data showed just how poorly local governments practice cybersecurity.

Why Cities Are So Bad at Cybersecurity
Certainly, there are local governments that do a commendable job with cybersecurity. If previous research into government information technology systems and electronic government can be a guide, they are most likely larger, more well-funded and more well-managed governments. However, the data from our more recent survey strongly suggest that at least some, and perhaps even a large fraction of, local governments may be unable to respond to electronic intrusions.

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.