Click here to read my July 2022 article regarding government technology and processes in American City and County.
My observation and hypothesis is we don’t have a pure “security” problem, we have a “resilience” problem. We see with a ransomware attack that a negative actor exploited a single point of failure in the environment. If the data stores (and the underlying processes) were resilient, air gapped, and secure, the ransomware attack would be nullified, thereby limiting the financial incentive of the attacker. Securing the perimeter and focusing on a checklist of security controls IS NOT ENOUGH!
Goal is to build a resilient, anti-fragile organization that can handle everything in the internal and external environment. Build an operation that can take a hit and continue to deliver constituent services with little to no interruption. The time to act is NOW before the next crisis.