Digital Transformation in the Public Sector: Minimizing the Threat of Cybersecurity Breaches

The COVID-19 pandemic certainly has accelerated the pace of digital transformation.  Unfortunately, accelerated transformation coupled with the shift to a remote workforce created security vulnerabilities that left many businesses exposed to cyberattacks. The public sector also felt the pressure to adapt quickly to this new way of life and is also under attack.

From schools struggling to create a digital learning infrastructure, to local and state governments trying to accommodate the growing pressure from their citizens to offer digital services, to healthcare providers trying to minimize the number of patients on their premises by offering digital consultation alternatives – the public sector was, in most instances, caught off-guard by the sheer scale of the required transformation.

COVID-19: Acceleration of digital transformation

According to a joint study by Deloitte and the National Association of State Chief Information Officers, before the pandemic, 52% of the respondents in the public sector estimated that less than 5% of the staff worked remotely.  During the pandemic, on the other hand, 35 states had more than half of their employees working remotely; nine states had more than 90% remote workers.

Unfortunately, in the midst of the chaos, as federal, state, and local governments saw their resources depleted at an unprecedented rate, executing digital transformation in a gradual manner with sound cybersecurity priorities guiding the process was difficult or impossible for most organizations.  According to the report, only 28% of states reported that they had collaborated extensively with local governments as part of a security program during the past year, with 65% reporting limited collaboration.  Local governments were, for the most part, left on their own.

This lack of preparedness and rushed execution gave cybercriminals and nation-state cyber attackers a giant window of opportunity.  The FBI’s Internet Crime Complaint Center saw a 400% spike in cybersecurity complaints.  Local governments emerged as the biggest target of ransomware attacks, with 44% of all observed ransomware attacks aimed at municipalities.

The need for digital transformation is here to stay

Despite the development of multiple vaccines in record time and their roll-out at the end of the year, experts do not have high hopes about things “getting back to normal” before the second half of 2021.

Furthermore, the new digital habits developed by consumers, employees, patients, and constituents, combined with the sobering realization of the lack of preparedness for a crisis of global magnitude, mean the pressure to digitally modernize operations and services will continue.  State and local governments must accept this reality and prepare.

According to a survey by Xerox, 60% of people approved of the government experimenting with digital technologies, and almost a third expressed a wish for even more services to become available online.  While in March 2020, 54% of people preferred in-person services, by August 2020, that number had dropped to only 13%, with 67% stating their preference for online services.

The main cybersecurity dangers of rapid digital transformation

Digital transformation, by definition, requires fundamentally changing the operations of an organization by digitizing processes, services, and entire ecosystems.  It’s the kind of change that goes beyond creating a robust IT infrastructure and requires a significant investment of resources into employee training and cultural transformation.

Many of the cybersecurity gaps occur for one of the following reasons:

  • Misalignment between the expectations of leaders and IT’s capabilities;
  • A lack of training on proper procedures, leading to irresponsible cyber behavior and human errors, which can easily expose organizations to breaches;
  • A sudden integration of multiple third-party solutions into the IT ecosystem without creating an overarching cybersecurity protocol;
  • Insufficient resources allocated towards digital transformation; and
  • A failure to educate users on secure ways to utilize online services.

Balancing the pace of digital transformation with cybersecurity needs

As an immediate step in improving the digital transformation process, make sure to provide your users and employees with secure remote access and collaboration tools.  Issue a standard set of digital tools that your staff can employ to complete day-to-day tasks, be it virtual meetings, email, or data backup.  Train your staff to recognize the most common social engineering attacks that lead to data breaches, including phishing, baiting, and scareware, through regular Security Awareness Training.

Monitor and manage access to the network using a strong access management system and network scanning software.

Make sure to use threat and vulnerability detection solutions from the very beginning.  This will help your IT staff consistently stay on top of the health of the network, track progress, and get insights that will allow for data-driven decision making.

Do not, under any circumstances, prioritize speed over security.  While it may provide short-term relief, it will open up your data to breaches that will be infinitely more costly to address down the line.

Instead, develop a long-term strategy that is based on Zero-Trust and Secure Access Service Edge models.  Focus on the automation of cybersecurity solutions and ensuring regulatory compliance every step of the way.  Change management is crucial in ensuring your system’s cybersecurity during a digital transformation process.  Make sure that each time a major change is made on a network, your organization follows proper change management documentation and runs vulnerability scans.  Among other things, successful change management requires an excellent asset management strategy – an overarching view of the assets and their locations, access levels and users’ information, a list of vendors servicing the assets, etc.

Often, digital transformation means switching to cloud applications and cloud-delivered services.  Therefore, make sure that you put the right firewall rules and policies in place, ensuring that access is limited to the approved update servers and services.

Develop and implement a strict protocol on the hierarchy of data access by your employees.  Deploy file integrity monitoring and change detection solutions, which will constantly monitor your files for any changes, helping you identify files that may have been corrupted or otherwise tampered with.

Set up security information and event management (SIEM) and security orchestration, automation, and response (SOAR) systems, which will alert you to verified threats and automatically trigger response actions.  Make sure to have a security operations center (SOC) or MDR team in place that will respond swiftly and effectively to incoming threats.

Develop and implement a data policy.  When approached systematically, it will allow you to identify the types of data your organization stores, decide whether that data should be stored and which staff members should have which type of access level, evaluate which specific data requires encryption, and implement measures to wipe specific records clean in compliance with relevant regulations – GDPR, for example.

Finally, embed the cybersecurity perspective in every action – ensuring data encryption, switching to managed private cloud services, deploying a cybersecurity dashboard, monitoring internal vulnerabilities, etc.

In conclusion

The scale of the pandemic has shifted priorities within most organizations in the public sector.  Government bodies, healthcare providers, and educational institutions switched to a highly reactive mode and ended up playing catch-up, often at the cost of data security.

However, this is not a short-term issue.  The need for the digitalization of services offered in the public sector is here to stay.  As such, the ability to balance the building pressure to do so with strong cybersecurity practices is all the more imperative.  Organizations need to undergo the process by first devising an overarching strategy that prioritizes data security at every step and then executing the strategy in a gradual, systemic way.

The only way to speed up the process is to do it right, thus eliminating the need to fix the infrastructure down the line.