Deloitte and The National Association of State Chief Information Officers (NASCIO) have published a 2020 Cybersecurity Study, "States at Risk: The Cybersecurity Imperative in Uncertain Times," Deloitte reported on Wednesday. 

The study has been created through responses from 51 U.S. state and territory enterprise-level chief information security officers (CISOs). CISO participants answered 61 questions designed to characterize the enterprise-level strategy, governance and operation of security programs.

"The last six months have created new opportunities for cyber threats and amplified existing cybersecurity challenges for state governments," said Meredith Ward, director of policy and research at NASCIO. 

The study reported that the pandemic has highlighted gaps in budget, talent and threats and the need for partnerships. Deloitte noted that collaboration with local governments and public higher education is key to mitigate cyber risk. Additionally, the report stated that CISOs should develop a centralized structure to improve cyber agility, effectiveness and efficiency.

The report stated that COVID-19 has made organizations face challenges within state IT and cybersecurity, including securing adequate budgets and talent and coordinating consistent security implementation across agencies.

Before the pandemic, 52 percent of respondents said less than five percent of staff worked remotely. Following the mass shift to telework, 35 states have had more than half of employees working remotely, and nine states have had more than 90 percent remote workers.

With COVID-19, there has been an increased need for cybersecurity; however, the report stated that fewer than 40 percent of states reported having a dedicated budget line item for cybersecurity, and 50 percent still allocate less than three percent of their total information technology budget on cybersecurity.

"The pandemic forced state governments to act quickly, not just in terms of public health and safety, but also with regard to cybersecurity," said Srini Subramanian, principal, Deloitte & Touche LLP, and state and local government advisory leader.

Federal Resources Corporation (FRC) has partnered with Accenture Federal Services (AFS) to advance cybersecurity solutions to the federal and public sector departments and agencies, AFS reported on Wednesday.

“Federal Resources Corporation’s capabilities, contracts, and investments in delivery and security innovations in partnership with Accenture Federal Services allow us to provide better, faster, and less costly solutions to our mission partners,” said Jeremy Young, CEO of FRC.

Under the partnership, the companies will deliver innovative cybersecurity solutions, as well as experts, to enable federal departments and agencies to achieve information security objectives. The companies will offer solutions that are effective and easy to acquire.

Additionally, the AFS and FRC will enable the federal government to maintain a strong posture, comply with Federal Information Security Modernization Act (FISMA) and modernize their processes to include cutting edge techniques.

AFS will provide innovative modernization processes and technology to offerings, including Extended Detection & Response (XDR), iDefense Security Intelligence Services, and Next Generation Cybersecurity Services.

FRC will deliver streamlined procurement of AFS’ capabilities through the NASA Solutions for Enterprise-Wide Procurement (SEWP) contract vehicle. FRC will also enable the federal government to reach the Small Business Administration (SBA) HUBZone acquisition targets as they modernize their cyber security posture.

“As part of Accenture’s Federal Vision 2030, we believe that ‘Authenticity is Currency.’ Organizations like FRC help federal departments and agencies ensure the security and privacy of their mission and that’s why we selected them as a strategic partner,” said Aaron Faulkner, managing director, AFS.

About Accenture Federal Services

Accenture Federal Services, a wholly owned subsidiary of Accenture LLP, is a U.S. company with offices in Arlington, Virginia. Accenture’s federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at defense, intelligence, public safety, civilian and military health organizations.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned that advanced persistent threat actors are exploiting legacy vulnerabilities in internet-facing infrastructure devices to gain access to networks of federal and state, local, tribal and territorial government agencies.

“The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application,” the joint advisory from CISA and FBI states.

APT actors also use a privilege escalation vulnerability to obtain access to servers as well as open source tools to steal account credentials.

CISA and the bureau said the malicious cyber activity by these threat actors may pose some risk to elections data stored on government networks.

Organizations have been advised to have an “assume breach” mentality, patch systems and equipment, perform comprehensive account resets, update virtual private networks and devices, implement multifactor authentication and block public access to potentially vulnerable ports, among other measures.

CISA has recommended that network staff and administrators review internet-facing infrastructure for vulnerabilities that have or could be exploited to a similar effect.