Rising expectations bring mounting challenges

The public’s exponentially rising expectation of easy online access — fueled by unprecedented levels of convenience and expedi­ency from smartphones, tablets, and laptops — comes with a major downside: never-before-seen levels of exposure to cyber criminals.

Bridging the gap between deliver­ing the services people expect and operating in a totally secure mode is challenging. The breadth and sensitivity of information held by state and local government orga­nizations — frequently including financial, medical and even criminal records — represents a very prized target for would-be hackers.

Cyber attacks are becoming more pervasive all the time. Announcements of high-profile data breaches are an almost daily occurrence.

Keeping safe

Staying ahead is of para­mount importance for everybody entrusted with protecting data. However, it has become clear that traditional protection measures, like firewalls, intrusion prevention systems (IPS) and anti-virus (AV) software are not doing enough to protect organizations from the new generation of continually more sophisticated threats.

Maricopa County chief infor­mation security officer (CISO), Michael Echols, commented, “It’s really important to understand the characteristics and effectiveness of the security measures that you have in place. We have a multi-tiered approach and implement the best identification technologies avail­able, but we also supplement this with a predefined mitigation strat­egy so that we know exactly how to handle anything that requires immediate attention.”

The county uses FireEye solu­tions to provide signature-less, real-time protection of its online assets. FireEye is a premier member of NACo.

Sharing the knowledge

Cyber security is obviously not just an issue for the county’s CISO. Echols noted, “We put a lot of energy into educating the community; the challenges we face are the same ones they are going to be facing at home. We feel a responsibility to share the best practices that will help our citizens to be safe online. We try to present a realistic view of the threats, as well showing what steps can be taken to minimize the dangers.”

For Echols it all comes down to being prepared. He summarized, “It’s really a numbers game: I’ve got to be right every time but the attacker only has to be right just once. We have implemented the very best defenses but are equally well-prepared for the remote pos­sibility of a breach.”

(Echols is the chief information security officer (CISO) for Maricopa County, Ariz.— the fourth largest county in the United States. Prior to his appoint­ment, he was a security consultant to multiple Fortune 500 companies. He is a published author and a sought-after speaker at national events, presenting on a wide range of information security-related topics.)