Threat landscape increasing
Attacks on local governments have risen 58.5% in a single year1 and, as of 2020, the cost per ransomware event averaged $125,697. Hackers’ success stems from an increasingly complex landscape.
In a recent survey conducted by Ernst and Young,2 3,500 people, including a mix of employees and agency leadership, were polled to learn how COVID-19 has impacted their work experience. The broad survey confirmed that both technology approaches and workspaces are changing for the foreseeable future:
- 80% of public sector employees are looking for better digital collaboration to enable a mix of onsite and remote work.
- 70% of employers are planning moderate to extensive changes to remote work strategies and related policies.
So, IT departments must rise to another set of challenges to enable collaboration in these new hybrid models. As the National Institute of Standards and Technology (NIST) noted in its recent publication, any information that’s collected, stored, processed, or transmitted on mobile devices is especially vulnerable to attack.3
CISOs face a daunting task
To reduce overall security risk, government CISOs must establish technology and process approaches designed to address these unique vulnerabilities. Here are four areas to keep top of mind as hybrid work becomes more routine:
- Mitigate the risk of more complicated supply chains. Hybrid work models are creating risks as state and local agencies look beyond their offices to find the best talent. According to NIST, “Federal agencies are concerned about the risks associated with… poor manufacturing and development practices within the ICT Supply Chain.” In fact, before users turn on their PCs, malicious actors have multiple opportunities to compromise the supply chain.
- Limiting access to the narrowest set of data and protecting it. An analysis of over 13,000 customer sites across North America and Europe showed that at least 73% of devices had sensitive data on them.4 Absolute Data, who conducted the survey, attribute the increase in sensitive data to remote work.
- Protect the device in real time in many environments. The device itself can become an entry point for cyberattacks. Reliance on home networks and other more open networks creates that threat to security that must be monitored and dealt with in real time, so agencies need greater endpoint visibility and control.
- Securing data and the device at end-of-life. Local government agencies need multiple options to continue privacy beyond the devices’ service lifecycle. Even end-of-life disposal can be a great risk. Before a device is turned in, drives need to be wiped. And that can be a challenge in a hybrid work model.
Gain control with Lenovo ThinkShield
The Lenovo ThinkShield approach to security provides end-to-end Security by Design. Starting with our rigorous Trusted Supplier Program, we ensure that every supplier meets the highest standards for end-to-end supply chain security. And, solutions like Secured-core PCs guard against any attempt to attack below the operating system level, so systems are protected from factory floor to the end user.
Importantly, ThinkShield includes features designed specifically for real-time endpoint protection, including drive encryption powered by WinMagic, next-generation antivirus protection powered with patented AI from SentinelOne,® and persistent endpoint security management from Absolute.®
And Lenovo has you covered at end-of-life with secure wipe in the BIOS that reliably deletes all data from hard drives, enabling remote workers to return solutions reliably and securely at end of life.
You can learn more about Lenovo’s complete portfolio of award-winning devices and comprehensive security solutions on our Government page.
1 Dark Readings, “As Cyberattacks Soar, US State and Local Government Entities Struggle to Keep Up,” July 7, 2020
2 Ram Venraktraman, “Workforce reimagined: A conversation with government executives,” Ernst & Young LLP, August 2021
3 NIST, “Securing Electronic Health Records on Mobile Devices,” Special Publication SP 1800-1, July 2018
4 Dark News, “Enterprises Applying OS Patches Faster as Endpoint Risks Grow,” May 2021