DECEMBER 2025 9GOVERNMENT CIO OUTLOOKmost attacks come from other means. According to Cisco's Cybersecurity Threat Trends report, data suggests that phishing accounts for around 90 percent of data breaches. What is even more scary, Verizon reports that of more than 79,000 breaches in 88 countries, approximately 60 percent of incidents were discovered within days, however, 20 percent could take months or more before organizations realized something was amiss. How long would you like a bad actor on your network? How much data could they gather in just an 8-hour shift? Information security in the 21st century looks entirely different than it did ten years ago. Post COVID-19, we now have more than 15 billion IoT devices connected to the internet. Statista reports that by 2030 we will have 29.42 billion IoT devices connected to the internet. We now have more remote workers than ever before. IT security professionals used to have to worry about just their corporate buildings and corporate- issued equipment such as a laptop and desktop computer. Now that landscape has been expanded to employees' homes, the billions of devices that connect back to company data, and workers all over the world connecting to a countless number of public WiFi access points. When it comes to government and a lot of small to medium businesses with a limited budget, how do we defend ourselves? What does this look like for those that cannot invest millions into securing every aspect of their network and those devices connected to the company data? The good news is there are some simple things that can be done that do not cost millions. Here is a list of some basic things that can be put in place to help protecting our networks and data:· Have an information security incident response plan ­ This plan will help you identify critical components of your organization, and how to respond and recover from a cybersecurity incident. · Have a good disaster recovery plan ­ When (not if) a cyber security attack happens, being able to recover your data and continue is very important. Having immutable backups are a must. · Ensure that patching of edge devices, servers, workstations, IoT devices, and other network-connected devices are patched regularly with the most recent security patches ­ Security patches close known vulnerabilities. It is important to stay current with the latest security patches. · Provide cybersecurity training to end users ­ This is very important, and I cannot stress this enough. Services provided by KnowBe4, InfoSec IQ, and others, provide your company with security awareness programs that help your end users identify phishing emails and bogus web sites. Remember 90% of breaches are due to a phishing attempt.· Invest in next generation security tools ­ As security attacks have become more advanced, so have tools that we can use to defend against it. There are EDR and XDR malware detection tools provided by Cisco, Crowdstrike, SentinalOne, and many others that give you visibility into behaviors on your end devices and servers. Services from DarkTrace, Arctic Wolf and others provide monitoring of your network and end devices. These all look for patterns of behaviors and obscure activity. On the edge of your network, having a next generate firewall that monitors your traffic is a must in today's world. This is not a complete list that will guaranty protection of your network, but it is a list of items that will put a roadblock in front of bad actors and will not cause a business to go bankrupt. In fact, this is an investment and the protection of your data and customers' information! Be aware of the reality of modern day threats and your options for some basic security measures that can be easily and inexpensively implemented in small and medium businesses as well as local governments. Be aware of the reality of modern day threats and your options for some basic security measures that can be easily and inexpensively implemented in small and medium businesses as well as local governments.
< Page 8 | Page 10 >