Earlier this month the National Association of State Chief Information Officers (NASCIO) published their 2014 top 10 list for polices and technology issues facing state governments. NASCIO Top 10 Security, consolidation, cloud services and enterprise portfolio management topped the list. While security has made the list the last several years, this year’s survey is the first time security has ranked #1. “It is significant that security has now risen to the number one priority on our top 10 list,” said NASCIO President and Mississippi Chief Information Officer Craig Orgeron. “As I presented in congressional testimony before the Committee on Homeland Security last week, cyber-attacks against state governments are growing in number and becoming increasingly sophisticated. Security has to be the top priority for all sectors.”
In a March 2013 report by Government Security News on the topic of why government agencies are potential targets for security threats, Christopher Pogue, Director of Digital Forensics and Incident Response at Trustwave wrote… “the retail industry emerged as the top target for cyber attacks in 2012, surpassing the food and beverage industry (2011) and the hospitality industry (2010). While government agencies did not emerge as a Top Three target, retail, food and beverage and hospitality services are provided within the government infrastructure and can be targeted by organized cyber-criminals in the same manner, which is why all government agencies must be vigilant and implement a thorough data security strategy.
Many government agencies store, process and transmit cardholder data. Citizens pay taxes, fines and various permit fees with credit cards, either online or in person. So, how do government agencies know those citizens’ personal data is being protected?
After performing nearly 1,500 investigations during the past five years, Trustwave security experts know that it is only a matter of time before a government agency becomes a victim. Given the widespread ramifications of successfully breaching a government-owned payment system, businesses within the government infrastructure must act now and implement a thorough, in-depth cyber security plan, in addition to making sure they comply with the Payment Card Industry Data Security Standard, an information security standard created to increase controls around cardholder data to reduce credit card fraud.”