STATETECH: How important are security assessments for state and local governments?
O’NEILL: Think of it like when you go to your primary care physician, and they draw your blood, take a look at your vitals and conduct a physical exam. Security assessments are similar, in a sense, because they tell you where you might need to improve or change. You can’t diagnose the patient unless you perform tests.
STATETECH: Are security assessments the first step to improving security posture?
O’NEILL: They are to me, because I don’t think you can fully appreciate the work that any organization has done or the investments they’ve made until you get a good glimpse through an assessment. They just give you better visibility.
STATETECH: What does today’s threat landscape look like?
O’NEILL: What we see a lot today are DDoS attacks, ransomware and social engineering. Threat actors are becoming more creative and aggressive in their approaches. Threats are growing exponentially because the tools that threat actors use are becoming more accessible and available in marketplaces, whether that’s the dark web or elsewhere.
There are nation-state actors funded through nation-state resources, which makes it a very difficult battle for local governments. If they don’t have the adequate resources to defend themselves, they’re going to be vulnerable.
