National Cyber Security Awareness Month and NAST

Dear Colleagues,

As we draw near the end of another year, we enter October and National Cyber Security Awareness Month (NCSA). For all of us working in State Treasuries and financial services the threat landscape continues to grow, and we must continue to adapt our defense strategies. Thus far in 2022, we have seen many attacks with global impacts, the likes of which have never been seen before. Look here to see a list of the major attacks from this year alone.

When it comes to adapting defense strategies, we have found some creative ways to help keep our skillsets sharp and set our team up for a challenge. The Illinois State Treasurer’s office was invited to attend the ICL – the International Cyber League Challenge. We put our team against the best of the best in a live-action scenario and put our grit to the test in a way that is hard to demonstrate outside of a live incident. I am happy to say the team did well (we didn’t win, nor did I expect to, but going through the exercise was a great lesson for all of us – the results are here).

We can improve on what we learned, but the key take away was learning new strategies to defend our technology footprint. Bringing those lessons back to the agency helped to change the way we view our cyber security strategies. Additionally, we are now providing this type of service free to all of the units of local government who participate in our ePayand Illinois Funds programs so they too can improve their cyber security programs.

We will continue to adapt, as do the threats that are ever changing. Throughout my time working in cyber security, there has been a mentality that I would like to change within security professionals. For years, security professionals and IT administrators have stated that your biggest cyber security weakness will always be your end users, your staff. Although I can empathize with why that thought process came into existence, we must change the message.

Our staff, our employees, anyone who touches technology, are our biggest asset/defense and play critical roles in protecting our respective functions. We cannot be successful without the continued vigilance in our day-to-day tasks. As security professionals, we bombard staff with new trainings, scare tactics with the new threats that impact daily functions, and typically offer much doom and gloom. While staff need to understand the reality and consequences of letting their guard down, we also need to help them stay motivated and to feel like they’re part of the team in protecting our systems.  Personally, I want thank everyone for your tireless efforts in helping us secure the technologies we use every day.

To that end, I’d like to invite you to a free webinar that NAST is hosting titled "Preparing Your Leadership for a Cyber Attack" on Wednesday, October 12, 3 pm ET.  Click here to sign up.  Cyber-attacks have impacted a number of governments in recent years and can result in high costs, dramatic disruption to essential services, and negative press. During this online interactive session, you will experience a ransomware attack as it hits your office and navigate the many decisions that must be made to protect yourself and your organization.

For this year’s Cyber Security Awareness Month, we thank all of you for making our jobs a success. We cannot do it with your help.

VR,

Joseph Daniels
CIO, Illinois State Treasurer’s Office