Governments are vulnerable to cybersecurity breeches. In this way, they don’t vary much from private-sector businesses, whose sometimes spectacular cybersecurity failings grab headlines. So, as a government with limited resources, how do you prepare for the inevitability of some bad actor trying to access sensitive information?
An August 2018 report out from the (ISC)2, a non-profit focused on “inspiring a safe and secure cyber world” details several key ways in which governments and private businesses alike can begin to build an internal culture focused on cybersecurity awareness. The major take-aways? Management understands the need for the importance of strong cybersecurity–97% of the cybersecurity professionals (ISC)2 polled indicated their managers understood why it was important. And while management may understand why it is important to focus on cybersecurity, they were less clear in their job descriptions to hire dedicated talent. 52% of cybersecurity professionals asked said job descriptions didn’t demonstrate an understanding of security.
The disconnect between management’s understanding of the threat cybersecurity breeches pose and the general understanding of the security environment could create opportunity for disarray in addressing threats. However, the (ISC)2 report goes on to say that to build a culture that effectively addresses cybersecurity concerns really centers on hiring and retaining talent, ensuring management is aware of the importance of cybersecurity, and aligning policies and strategy. Management’s concern and interest in building an effective shield against attack is enough, given the cybersecurity team is adequately staffed and their expertise is taken seriously.
If you are a local government who is struggling to keep up with the demands of ever-evolving cybersecurity issues, the Office of the Washington State Auditor has resources to help. Visit our website for resources and checklists designed to help you.
Our Office is committed to helping governments improve their operations. One way the Auditor’s Office does that is by leading Lean workshops for governments that ask for help improving a process. However, we also look for ways to improve our own Office as well, and we want to share the results of our process improvement efforts during 2017. Continue reading
State Auditor Pat McCarthy and DSHS Secretary
State Auditor Pat McCarthy attended a reception at the Department of Social and Health Services (DSHS) Aging and Long-term Support Administration’s (ALTSA) Complaint Resolution Unit (CRU) on Friday, July 6 to award them a State Auditor’s Office Stewardship award. Our Office is pleased to recognize the Department for its dedication to making government work better. The Department’s Complaint Resolution Unit (CRU) and field operations within the Aging and Long-Term Support Administration made significant improvements to resolve a long-standing audit finding and improve services to its clients. Continue reading
In this photo: Board (left to right): • A.J. Walcott, President, Amalgamated Transit Union, Local 843 • Kelli Linville, Mayor of Bellingham • Eric Davidson, Blaine City Council Member • Jim Ackerman, Mayor of Nooksack • Cathy Watson, Board Chairperson and Ferndale City Council • Satpal Sidhu, Whatcom County Council Member • Michael Lilliquist, Board Vice-Chairperson and Bellingham City Council Member • Jack Louws, Whatcom County Executive Next row: WTA Finance Staff (left to right) • Laurie Pederson, Payroll Specialist • Tami Eastwood, Revenue Manager • Erin Knudson, Manager of Accounting • State Auditor Pat McCarthy • Shonda Shipman, Director of Finance • Lynda Fox, Accounting Technician II • Susan Dickinson, Accounting Technician I • Magan Waltari, Purchasing and Contracts Coordinator
The Office of the Washington State Auditor is pleased to recognize Whatcom Transportation Authority as an outstanding example of commitment to safeguarding public resources. Authority management has consistently demonstrated dedication to proactive risk evaluation and resolution, compliance with applicable requirements, transparency and an attitude that invites our Office’s guidance, especially during the audit process. Continue reading
Pictured here, left to right: School Board President Kelly Bashaw; Superintendent Dr. Greg Baker; State Auditor Pat McCarthy
State Auditor Pat McCarthy was pleased to recognize Bellingham School District on June 20, 2018 as an outstanding example of commitment to safeguarding public resources. District leadership has consistently demonstrated dedication to risk evaluation and resolution, compliance with applicable requirements and transparency, especially during the audit process. Continue reading
Principal Performance Auditor Erin Laska was featured last week on TVW, highlighting the continued need for cyber security protection of the sensitive public data the state stewards. At the Office of the Washington State Auditor, we take safeguarding the public’s data from those who would seek to exploit it seriously. That’s why we regularly evaluate both state (see our most recent performance audit here) and local government cybersecurity controls for weakness, as well as make practical recommendations to help governments in Washington solve their cybersecurity challenges.
As local governments in Washington and across the United States deal with increasingly sophisticated attacks aimed at bringing down vital government services residents depend on, the need for careful controls and cyber security measures grows ever more crucial. At the Office of the Washington State Auditor, one of the resources we provide local governments with is helping them increase their cyber security in anticipation of just such events as outlined in the New York Times below. Are you interested in learning more about how we can help? Click here to read cyber security resources.
A Cyberattack Hobbles Atlanta, and Security Experts Shudder
By ALAN BLINDER and NICOLE PERLROTH
MARCH 27, 2018
ATLANTA — The City of Atlanta’s 8,000 employees got the word on Tuesday that they had been waiting for: It was O.K. to turn their computers on.
But as the city government’s desktops, hard drives and printers flickered back to life for the first time in five days, residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website. Travelers at the world’s busiest airport still could not use the free Wi-Fi.
Atlanta’s municipal government has been brought to its knees since Thursday morning by a ransomware attack — one of the most sustained and consequential cyberattacks ever mounted against a major American city.
The digital extortion aimed at Atlanta, which security experts have linked to a shadowy hacking crew known for its careful selection of targets, laid bare once again the vulnerabilities of governments as they rely on computer networks for day-to-day operations. In a ransomware attack, malicious software cripples a victim’s computer or network and blocks access to important data until a ransom is paid to unlock it.
“We are dealing with a hostage situation,” Mayor Keisha Lance Bottoms said this week.
Your public auditors were busy in 2017. The Office of the Washington State Auditor published more than 2,000 reports covering a wide spectrum of topics.
While many people are familiar with our work in their area, fewer know the full scope of what the Office does across Washington. We are making a concerted effort to increase trust in government, and a key part of that goal is making audit work accessible and easy to understand.
This year, the annual report conveys the same detailed information in a more visual form. The Office’s teams do excellent work across the state, and we want you to know about it.
The 2017 annual report discusses the types of audits performed, our satisfied clients, training public servants and how the Office saves taxpayers money. Click here to check it out!
Part of management’s responsibility for financial reporting and safeguarding of public resources is to regularly evaluate its financial condition and develop plans to address any serious issues. For financial reporting, both the Budgeting, Accounting and Reporting System (BARS) Manual and the Governmental Accounting Standards Board (GASB) Statement No. 56 require disclosure in the notes to the financial statements regarding any situations that give rise to a substantial doubt about the government’s ability to continue to operate, along with management’s plans to address the situation.
While the BARS Manual and GASB standards address requirements for financial statement preparers, professional standards from the American Institute of Certified Public Accountants (AICPA) address requirements for auditors. These standards require the auditor to independently consider the government’s financial condition and any disclosures to determine whether the financial statements are fairly presented. This existing responsibility was underscored by the AICPA’s new Statement on Auditing Standards No. 132, which is intended to bring more consistency and greater clarity to how auditors approach this important topic. Continue reading
From left to right: Laura Marrone (Admin Tech), Rose Lauer (Assistant Office Manager), Commissioner/President Jerry Thornton, Sr., State Auditor Pat McCarthy, Commissioner John Thompson, Shane Young (General Manager) & Commissioner/Secretary, Renea Blanchette
Earlier this week, State Auditor Pat McCarthy recognized the King County Water District No. 125 for their commitment to making government work better and promoting a culture of accountability with a State Auditor’s Office Stewardship Award. Continue reading