What’s going on in Oregon is more than likely typical of most governments and companies – a patchwork of systems that not only have difficulty talking to one another but also gaps that leave the government, company or other institution vulnerable to an cyber threat. Simply throwing money at the cyber security problem leads to silo solutions not a shrewd, cohesive cyber security system that is both proactive and reactive that protects the institution in full. Granted, cyber attacks are a moving target, but that also means their evolving nature combined with the growing adoption of our Digital Lifestyle and expanding access points under our Digital Infrastructure investing theme mean cyber security will likely remain a key growth driver for our Safety & Security investing theme. No wonder Broadcom is looking to scoop up Symantec.
Auditors say Oregon’s central administrative agency lacks basic controls to protect its information and systems from a cyber attack.
That means the Department of Administrative Services’ information and systems are at risk for “unauthorized use, disclosure, or modification,” according to a report released Wednesday, July 3, by Secretary of State Bev Clarno.
Auditors said a fragmented organizational structure and approach to managing security concerns may be parts of the problem. The agency’s roughly 30 subdivisions “receive varying levels of support” from the agency’s IT department, which supports only 16 of the 85 applications that workers use. The rest are supported by non-IT employees scattered throughout those divisions, and don’t receive oversight or involvement from the agency’s IT department, auditors said.
That has created inconsistency, and means the agency’s subdivisions may not be aligning with best practices when it comes to security.
Auditors said cyber-threats are a growing worry. “Cyberattacks, whether big or small, are a growing concern for both the private and public sector,” auditors wrote. “Recent breaches at Oregon state agencies have only escalated this concern.”