Did the Cybersecurity Stakes Get Even Higher in 2021? – GovTech
In 2021, cybersecurity got more serious. Already a growing threat, ransomware exploded, with attacks becoming more frequent and costly. The volume of ransomware attacks against U.S. targets rose 185 percent year over year in the first half of 2021, according to Internet security solutions provider SonicWall. Criminals also leaned hard on double extortion and turned their efforts against organizations like food supplier JBS and Colonial Pipeline, where system interruptions wouldn’t just harm the victim and their clients, but also a broad swath of society.
Federal response got more serious, too, homing in on defending critical infrastructure, and states haven’t sat on the sidelines, either. Several moved to ban ransom payments and direct more resources toward defending against the threats, although researchers say fully tackling the problem requires national and international coordination.
Nation-state-driven cyber espionage by Russia and China also loomed large in public consciousness, particularly the SolarWinds incident, attributed to Russia. In that incident, a compromised security patch spread malware to clients, including government agencies, which woke up the U.S. to the need for software supply chain security. Calls for reviewing software development environments and creating a software bill of materials became more pressing.
The White House has sought to infuse fresh energy into fighting cyber crime, appointing its first-ever national cyber director and channeling new funding to state and local governments. Biden’s May executive order announced plans for holding federal agencies to higher cyber hygiene standards, and the administration signaled interest in putting more pressure on private firms to support a better national cyber posture as well.
The federal government also turned attention to states and localities, where efforts to modernize legacy systems and upgrade defenses are often held back by shortages of money, people and guidance on how to invest most impactfully. The Cybersecurity and Infrastructure Security Agency (CISA) has been working to become a go-to resource, however, and could gain more powers and programs next year under the National Defense Authorization Act (NDAA) for Fiscal Year 2022, which has not yet passed at time of writing. Federal efforts like these are also unleashing more dollars, but states and municipalities will need sustained funding.
Nationwide demand for cybersecurity professionals outstrips supply, and governments struggle to lure recruits able to net more lucrative salaries in the private sector. Experts increasingly call for expanding talent pipelines by taking a more flexible approach, including considering applicants who have nontraditional experience or are permanently remote, and creating alternative job and training pathways such as apprenticeships. They …….