Two fire protection districts received a State Auditor’s Office Stewardship Award (SASA) from State Auditor Pat McCarthy this week for their dedication to improving government for the residents of Washington state. Continue reading
Government organizations have become increasingly dependent on computerized information systems to carry out their operations. These systems process, store and share sensitive and confidential information, including personal and financial data, in order to deliver services to residents. Risks to a local government’s information technology (IT) environment go beyond the activities of hackers stealing credit card information or Social Security numbers, or installing malware to disrupt communications. Errors or misuse of the system by employees or contractors can also jeopardize the operation of any entity that relies on computers and networks.
Research by Verizon Wireless in their 2017 Data Breach Investigation Report shows that the public sector reported the most cyber security incidents, and the third most confirmed data breach incidents, of any industry in 2016. A 2017 study by the Ponemon Institute, a research center that focuses on privacy, data protection and information security policy, found that governments pay an average of $110 per record lost in a data breach. To help Washington’s local governments protect their Information Technology (IT) systems, we are offer them the opportunity to participate in a performance audit designed to assess whether there are opportunities to improve the security of their IT systems. Skagit County chose to participate in this audit; you can read their report on our website. You can also watch one of our talented IT auditors presenting Skagit County the results of their audit.
Governments are vulnerable to cybersecurity breeches. In this way, they don’t vary much from private-sector businesses, whose sometimes spectacular cybersecurity failings grab headlines. So, as a government with limited resources, how do you prepare for the inevitability of some bad actor trying to access sensitive information?
An August 2018 report out from the (ISC)2, a non-profit focused on “inspiring a safe and secure cyber world” details several key ways in which governments and private businesses alike can begin to build an internal culture focused on cybersecurity awareness. The major take-aways? Management understands the need for the importance of strong cybersecurity–97% of the cybersecurity professionals (ISC)2 polled indicated their managers understood why it was important. And while management may understand why it is important to focus on cybersecurity, they were less clear in their job descriptions to hire dedicated talent. 52% of cybersecurity professionals asked said job descriptions didn’t demonstrate an understanding of security.
The disconnect between management’s understanding of the threat cybersecurity breeches pose and the general understanding of the security environment could create opportunity for disarray in addressing threats. However, the (ISC)2 report goes on to say that to build a culture that effectively addresses cybersecurity concerns really centers on hiring and retaining talent, ensuring management is aware of the importance of cybersecurity, and aligning policies and strategy. Management’s concern and interest in building an effective shield against attack is enough, given the cybersecurity team is adequately staffed and their expertise is taken seriously.
If you are a local government who is struggling to keep up with the demands of ever-evolving cybersecurity issues, the Office of the Washington State Auditor has resources to help. Visit our website for resources and checklists designed to help you.
Our Office is committed to helping governments improve their operations. One way the Auditor’s Office does that is by leading Lean workshops for governments that ask for help improving a process. However, we also look for ways to improve our own Office as well, and we want to share the results of our process improvement efforts during 2017. Continue reading
State Auditor Pat McCarthy attended a reception at the Department of Social and Health Services (DSHS) Aging and Long-term Support Administration’s (ALTSA) Complaint Resolution Unit (CRU) on Friday, July 6 to award them a State Auditor’s Office Stewardship award. Our Office is pleased to recognize the Department for its dedication to making government work better. The Department’s Complaint Resolution Unit (CRU) and field operations within the Aging and Long-Term Support Administration made significant improvements to resolve a long-standing audit finding and improve services to its clients. Continue reading
The Office of the Washington State Auditor is pleased to recognize Whatcom Transportation Authority as an outstanding example of commitment to safeguarding public resources. Authority management has consistently demonstrated dedication to proactive risk evaluation and resolution, compliance with applicable requirements, transparency and an attitude that invites our Office’s guidance, especially during the audit process. Continue reading
State Auditor Pat McCarthy was pleased to recognize Bellingham School District on June 20, 2018 as an outstanding example of commitment to safeguarding public resources. District leadership has consistently demonstrated dedication to risk evaluation and resolution, compliance with applicable requirements and transparency, especially during the audit process. Continue reading
Principal Performance Auditor Erin Laska was featured last week on TVW, highlighting the continued need for cyber security protection of the sensitive public data the state stewards. At the Office of the Washington State Auditor, we take safeguarding the public’s data from those who would seek to exploit it seriously. That’s why we regularly evaluate both state (see our most recent performance audit here) and local government cybersecurity controls for weakness, as well as make practical recommendations to help governments in Washington solve their cybersecurity challenges.
As local governments in Washington and across the United States deal with increasingly sophisticated attacks aimed at bringing down vital government services residents depend on, the need for careful controls and cyber security measures grows ever more crucial. At the Office of the Washington State Auditor, one of the resources we provide local governments with is helping them increase their cyber security in anticipation of just such events as outlined in the New York Times below. Are you interested in learning more about how we can help? Click here to read cyber security resources.
By ALAN BLINDER and NICOLE PERLROTH
MARCH 27, 2018
ATLANTA — The City of Atlanta’s 8,000 employees got the word on Tuesday that they had been waiting for: It was O.K. to turn their computers on.
But as the city government’s desktops, hard drives and printers flickered back to life for the first time in five days, residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website. Travelers at the world’s busiest airport still could not use the free Wi-Fi.
Atlanta’s municipal government has been brought to its knees since Thursday morning by a ransomware attack — one of the most sustained and consequential cyberattacks ever mounted against a major American city.
The digital extortion aimed at Atlanta, which security experts have linked to a shadowy hacking crew known for its careful selection of targets, laid bare once again the vulnerabilities of governments as they rely on computer networks for day-to-day operations. In a ransomware attack, malicious software cripples a victim’s computer or network and blocks access to important data until a ransom is paid to unlock it.
“We are dealing with a hostage situation,” Mayor Keisha Lance Bottoms said this week.
Your public auditors were busy in 2017. The Office of the Washington State Auditor published more than 2,000 reports covering a wide spectrum of topics.
While many people are familiar with our work in their area, fewer know the full scope of what the Office does across Washington. We are making a concerted effort to increase trust in government, and a key part of that goal is making audit work accessible and easy to understand.
This year, the annual report conveys the same detailed information in a more visual form. The Office’s teams do excellent work across the state, and we want you to know about it.
The 2017 annual report discusses the types of audits performed, our satisfied clients, training public servants and how the Office saves taxpayers money. Click here to check it out!