In a recent government meeting, cybersecurity officials from the Washington State Auditor's Office (SAO) presented their findings on the state of cybersecurity across local and state governments for fiscal year 2024. Jamie Berwickman, a senior cybersecurity auditor, and Michael Germstead, a cybersecurity audit manager, highlighted the ongoing threats posed by ransomware and the need for improved cybersecurity measures.

The SAO has conducted extensive audits since 2014, assessing 54 local governments and 39 state agencies. This year alone, they completed 23 local audits, including new ransomware audits aimed at enhancing resilience against such attacks. The audits revealed that while there has been a slight increase in the implementation of cybersecurity safeguards, significant vulnerabilities remain. For instance, nearly one-third of assessed safeguards were fully implemented across state agencies, but 188 vulnerabilities were identified, including critical and high-risk issues.

Local governments showed a similar trend, with about 25% of safeguards fully implemented. However, the audits also indicated a growing awareness of cybersecurity issues among local entities, with many addressing vulnerabilities promptly. The SAO emphasized the importance of dedicated cybersecurity staff and consistent IT practices, noting that agencies with stable leadership and a proactive culture performed better.

The meeting also addressed the lack of standardized cybersecurity requirements for local governments, which complicates their ability to defend against cyber threats. Ralph from WATEC echoed these concerns, pointing out that smaller municipalities often struggle with limited resources and outdated systems, making them prime targets for cyberattacks. He noted that in 2023, 69% of state and local governments experienced ransomware attacks, with nearly half involving data theft.

To combat these challenges, Washington State has invested over $11 million in cybersecurity improvements across municipalities in the past two years. The officials underscored the necessity of collaboration among local governments to enhance collective security, sharing resources and intelligence to better prepare for emerging threats.

As the cybersecurity landscape continues to evolve, the SAO's findings serve as a crucial reminder of the ongoing vulnerabilities faced by government entities and the need for continuous improvement in cybersecurity practices.