North Carolina’s digital infrastructure is under attack daily by unseen enemies and on multiple fronts. These adversaries are on a mission to infiltrate the network, disrupt operations and attempt to steal North Carolina’s citizens’ data.
NCDIT is not alone in this challenge. According to the 2018 Verizon Data Breach Investigations Report, there were more than 2,200 data breaches in the public and private sectors in around the world in 2017, including last December when Charlotte fell victim to a ransomware attack that nearly crippled the city and its infrastructure. Verizon also reports more than 53,000 “incidents” around the world.
Given the loss of time, money and particularly the loss of trust when governments allow citizens’ data to be compromised, it’s not surprising that improving the state’s cybersecurity stance is among the top priorities of the Department of Information Technology.
Chief Risk Officer Maria Thompson and the Enterprise Security and Risk Management Office (ESRMO) lead this defensive effort on behalf of the department.
The ESRMO’s mission is to provide leadership in the development, delivery and maintenance of a cybersecurity program. Its strategic vision focuses on security enhancement, enablement of resiliency, and protecting the state’s information assets and supporting infrastructure against unauthorized use, disclosure, modification, damage or loss. The ESRMO supports security control implementation, monitoring, threat and vulnerability management, cyber incident management, enterprise business continuity management, and cyber awareness and training.
Most cyber incidents are a result of end-user actions, such as clicking on phishing emails and/or providing usernames and passwords to state and personal accounts. The 2018 Verizon Breach report identified that 25 percent of incidents are a result of intentional or unintentional actions by employees or those with trusted access to the network.
This is why ESRMO has teamed with NCDIT Operations through the Unified Communications group to deploy solutions such as Mobile Application Management (MAM), Multi-Factor Authentication (MFA) and cloud storage restrictions. Most DIT employees have already seen these initiatives, or will see them soon.
Mobile Application Management (MAM). This solution allows authorized state employees to securely access their state emails and Office products using state and personal devices. Personal data on devices are not impacted if the device is lost or when the employee leaves state employment.
Multi-Factor Authentication (MFA). MFA allows for dual authentication to systems and services and reduces the risk of account credential theft through phishing or other means.
Cloud Storage Use. State legislation requires that the State CIO maintain an inventory of where state data resides. ESRMO will be procuring solutions such as a Cloud Access Security Broker (CASB), designed for “protecting, discovering and controlling access to applications in the cloud,” as well as identify shadow IT activities which may create risks to state data.
As previously noted, the 2018 Verizon report states that almost 75 percent of cyberattacks came from outside the organization, which means that more than a quarter of attacks came from insiders. Further, almost 20 percent of the known breaches were the result of employee errors – clicking on malicious phishing links, failing to properly destroy or secure sensitive information, or accidentally sharing confidential or sensitive information.