Managing Cyber Threats on a Small Budget

This is a guest post by Meredith Trimble, senior marketing content specialist for Tyler Technologies

Has your city experienced a cybersecurity incident? Some municipalities circle the wagons after incidents to shield residents from worry and hide vulnerabilities from other potential attackers. Often, residents remain unaware of a breach or consequences. Some attacks make big news, and mayors and council members must answer for and address the situation publicly.

Either way, incidents create a deeper, more realistic awareness of the constantly evolving threat environment. Elected officials and staff alike are driven to take proactive action on many fronts to prevent future loss. This can be tough, however, in the face of scarce resources and voters who prioritize low tax rates and the more obvious public-facing services. Do you have room in your budget for unplanned expenditures? And what account will take the loss?

In-House vs. Outsourcing

Scarce resources can compel leaders to dig in house and see what can be done with the internal resources available. On matters of cybersecurity, however, the increasing complexities and rapid evolution of technology may mean that the most effective tools and knowledgeable staff to fight cyberattacks simply aren’t there.

Recent articles in GovTech and CompTIA have made interesting cases for why local governments might be better off outsourcing some or all of their IT operations, including cybersecurity. In GovTech’s interview with Teri Takai, the executive director of the Center for Digital Government and former CIO of the U.S. Department of Defense, Takai points out some pain points for local governments struggling to keep up with cyber threats:

  • Lack of resources
  • Aging technology
  • New technology that doesn’t integrate with existing systems
  • Lack of size and scale to appropriately meet evolving challenges
  • Lack of executive understanding and appropriate funding/support

As Takai noted, “There is no ‘one-time spend’ that makes a jurisdiction 100% secure.” Neither can a jurisdiction really go it alone. Successful emerging models of cyberthreat management involve collaborations, partnerships, and economies of scale. This can be a tough sell – a challenge I know well, coming from a parochial New England town. Sharing resources can feel an awful lot like losing control. It can be uncomfortable and unpopular.

Partnership and MDR Options

Opportunities exist between federal, state, and local governments, as well as between traditionally siloed departments such as IT and public safety, to join forces and share technology and expertise. Particularly in tech infrastructure and threat monitoring and detection, jurisdictions can connect with a shared technology partner.

Utilizing a managed threat detection and response (MDR) service is another avenue to economically detect malicious behavior and safeguard data. It allows organizations to benefit from cybersecurity domain expertise without the need to invest in training, development, or headcount, as outlined in this recent blog, Why Your Business Should Consider Managed Threat Detection.

Culture is Key

Another important action is to cultivate an organization-wide cybersecurity culture, one in which every department is involved in the ongoing effort. Creating this culture means developing cybersecurity awareness throughout your entire organization, which will lead to organizational practices that support the secure execution of your business strategy. This article contains five concise steps to help your organization build a cybersecurity culture.

As Takai noted, “The ability of smaller organizations to address the threats without collaboration, shared resources, and support of the technology partners is a thing of the past.” All of us with tight budgets should consider partnerships, resource sharing, and managed threat detection options to stay ahead of cyberthreats and avoid potentially devastating loss.

Take the first step in creating a cybersecurity plan by downloading NLC’s new report: What Cities Should Know About Cybersecurity.

MeredithTrimbleAbout the author: Meredith Trimble is a former municipal official and Town Council Acting Chair, who focused on strategic planning, annual budgeting, and bonded infrastructure projects. Her government experience also includes posts in both federal and state-level executive branch agencies. She is the senior marketing content specialist for Tyler Technologies