Agencies Proactively Turn to Third-Party Security Assessments
“Now we can standardize this information for any new equipment we purchase,” says Sanders.
“We have continuous monitoring of the environment; it is not a “once and then” situation. We can actually be alerted immediately if a new device suddenly connects to the network, if something changes from the baseline. “
TO EXPLORE: How to tackle the threat of social engineering attacks.
Get an opportunity to prepare for the worst
The city of Rancho Cucamonga, California, meanwhile, conducted a third-party assessment to ensure its city officials know what to do in the event of a ransomware attack.
“We did a tabletop exercise with our city’s executive staff, and it was an external assessment of how city leaders would deal with an offense,” said the director of innovation and development. technology, Darryl Polk. The planning exercise “gives city leaders insight into decisions that should be made on the fly,” he says.
“If we wait and try to invent these processes while we are in the incident, it diverts resources where they are needed. The more we can plan for external mitigation, the more it allows us to focus on the technology if and when we find ourselves in this situation. ”
Juarez, of the San Diego Housing Commission, said the CDW • G team’s deep dive reassured him that critical citizen data was safe from prying eyes. “They go through our website. They also scan our networks, scan our servers. They go through several layers. These are real attacks designed to drill holes and find vulnerabilities in our systems, ”he says.
This incentive helps the agency meet its own high safety standards. “Cyber security is always the # 1 priority because we have a lot of sensitive data, we have a lot of personal data,” he says. “We take privacy very seriously. ”
Equally important, the assessment helped the housing agency validate its practices, Juarez says.
“It puts us in a very strong position with our supervisory board,” he says.
“We are an agency that takes the right proactive approach, not only for the programs we develop, but also from a cybersecurity and data management perspective,” he adds.