Various sectors across the U.S., including schools and government institutions, are impacted by cyberattacks (specifically, ransomware attacks). Ransomware attacks are becoming more prevalent everywhere; it’s not just the U.S., as almost 2 billion ransomware attacks have been reported globally from 2017 to 2022, according to Statista.
Ransomware attacks involve malicious actors gaining unauthorized access to a system and encrypting its files or locking out legitimate users. The attackers then demand a ransom in exchange for restoring access or decrypting the files.
The consequences of cyberattacks extend beyond financial losses, though. They disrupt critical services, compromise sensitive data, erode public trust and can lead to economic and reputational damages.
That said, the reason for educational institutions and government entities being highlighted in this article is because they are unfortunately attractive targets due to the sensitive information they hold and the potential impact on public services.
Educational institutions, including schools and universities, house extensive personal and financial data of students, faculty and staff. This information, such as Social Security numbers, addresses and financial records, is highly valuable for identity theft, financial fraud and illegal sale on the dark web. Additionally, educational institutions conduct research and development, holding proprietary data and intellectual property that can be targeted by cyber espionage groups or competitors.
Government entities also handle vast amounts of sensitive data. They store citizen information, such as Social Security numbers, tax records and health data (to name a few), which are prime targets for identity theft and major financial exploitation. Governments also manage critical infrastructure, such as power grids and transportation systems, making them susceptible to serious cyberattacks that can disrupt public services and compromise public safety.
Additionally, government agencies handle classified information, diplomatic communications and defense-related data, making them targets for nation-states and cyber espionage groups seeking strategic advantages.
New York state is amongst the U.S. states that have been heavily targeted, with hundreds of attempted attacks on state entities. One notable incident occurred in 2022 when Suffolk County's government fell victim to a cyberattack. The attack resulted in the county's system being offline for several weeks, causing widespread disruption to public services. Moreover, the attackers managed to disable email access for public workers, further hampering day-to-day operations.
It is because of attacks like what happened to Suffolk County that governments at various levels (including federal, state and local authorities) are working to enhance cybersecurity frameworks and allocate resources to combat these threats. Collaboration between government agencies, educational institutions and private sector entities is crucial to effectively address the evolving landscape of cyber threats and protect critical infrastructure and sensitive information from cyberattacks.
It makes sense that governments are reacting because disruptions to public services, temporary shutdown of government websites, loss of access to critical systems and delays in the delivery of public services can have severe ramifications for citizens. To mitigate these risks, educational institutions and government entities must prioritize cybersecurity. Robust measures need to be implemented, including strong access controls, regular system updates, security audits, data encryption and staff education on cybersecurity best practices.
In a step toward bolstering cybersecurity measures for New York, state Sen. Kristen Gonzalez, D-District 59, sponsored a bill that mandates the use of multifactor authentication (MFA) for local and remote access to government networks across New York state. The proposed legislation also imposes requirements for public websites to encrypt exchanges and adhere to fundamental privacy standards.
“Cyberattacks are on the rise, and state entities are an increasingly frequent target,” said Gonzalez. “New Yorkers should never have to fear that the state government will lose access to its systems because of an attack.”
MFA is a vital security protocol that provides an additional layer of protection against unauthorized access to sensitive information. By requiring multiple forms of verification, such as passwords, biometrics or security tokens, the measure seeks to fortify the defenses of government networks against potential cyber intrusions. This proactive approach aims to prevent data breaches, mitigate the risk of ransomware attacks and safeguard the integrity of critical systems.
"Multifactor authentication is a cost-effective way to improve our cybersecurity preparedness; it is 99.9% more unlikely for an account to be compromised when MFA is used,” said Gonzalez. “We know that attacks aren’t going away; increasing our preparedness by using MFA is one of the best ways we can protect our state government.”
The proposed legislation also advocates for enhanced privacy standards by mandating that public websites encrypt exchanges. Encryption is a process that converts information into a coded format, rendering it unreadable to unauthorized individuals. By implementing this safeguard, sensitive user data transmitted through public websites can be shielded from prying eyes, reducing the risk of unauthorized access or data interception.
The measure's successful clearance by the Senate Internet and Technology Committee highlights the recognition among lawmakers of the pressing need to enhance cybersecurity practices and protect government infrastructure from evolving cyber threats. The proposed legislation represents a proactive and forward-thinking approach to mitigate potential risks and safeguard public trust.
If passed into law, the measure would establish a vital framework for cybersecurity standards across government entities in New York state, ensuring that the necessary precautions are taken to secure networks and protect sensitive data. Moreover, it would foster a culture of proactive cybersecurity practices, encouraging public websites to prioritize encryption and adhere to fundamental privacy guidelines.
As cyberattacks continue to rise and threaten the stability of critical systems and the privacy of individuals, initiatives like Gonzalez's proposed legislation play a crucial role in fortifying defenses against malicious actors. With increased reliance on digital infrastructure, protecting networks and ensuring data privacy are imperative to maintaining public services, instilling confidence in the government's ability to safeguard its citizens' sensitive information.
The proposed legislation will now proceed to the next stage of the legislative process, where it will be reviewed and debated by the broader Senate body. As the bill advances, stakeholders from government, technology and privacy advocacy organizations are expected to provide their perspectives, ensuring a comprehensive approach to addressing cybersecurity challenges in the state.
By implementing this stringent cybersecurity measure in New York state, educational institutions and government entities will better safeguard personal data, prevent financial losses, maintain public trust and ensure the uninterrupted delivery of critical services.
Edited by Alex Passett