By: Amanda Day, Grants Development Consultant - Cybersecurity
As American workers increasingly use digital platforms, and depend on mobile devices, exposure to various cybersecurity risks has become a major threat. Cyber criminals can capitalize on security vulnerabilities to obtain personal information and data from state, local, and tribal governments, public safety agencies, K-12 schools, Institutes of Higher Education, and healthcare organizations. This can result in increased instances of financial fraud, unauthorized access to systems, and identity theft. Adopting cybersecurity technologies and providing cybersecurity training for the U.S. workforce is essential in combating hackers, preventing the need for ransom payments, preventing data theft, and reducing the threat of system disruptions or outages. Cybersecurity involves employing technology, methods, and safety protocols to counter and safeguard against various cyber threats such as phishing, malware, ransomware, and other forms of cyberattacks. As threat actors and cybercriminals evolve, the technologies to combat them must evolve as well.
What are the most important cybersecurity trends in 2024?
· Artificial Intelligence (AI) is set to become increasingly important in the field of cybersecurity. AI's sophisticated data analysis capabilities are being employed to detect and forecast cyber threats and to strengthen early warning systems. These technologies are evolving to better identify and counter new cyber threats.
|
· The Internet of Things (IoT) is rapidly expanding as well, linking an infinite number of devices. However, this growth also introduces increased security risks. The broad range of IoT devices makes them appealing targets for cyberattacks, while their interconnectedness heightens vulnerabilities.
|
· The ongoing expansion of remote work remains a defining aspect of the professional landscape. This transition underscores the critical importance of cybersecurity, particularly in ensuring secure remote access to work environments.
|
· Phishing attacks have remained a persistent threat in the cybersecurity realm as they continually evolve. Improved phishing methods are circumventing traditional security measures, employing personalized and technically advanced tactics.
|
· With mobile devices becoming essential to both personal and professional life, the emphasis on mobile security has intensified. The increased reliance on mobile devices for a multitude of tasks, including financial transactions, remote work, and personal communications, makes them appealing targets for cybercriminals.
|
· Zero Trust security has gained significant momentum as it operates on the principle of "never trust, always verify." Traditional cybersecurity models focus on securing the perimeter, while Zero Trust assumes that threats come from outside and inside networks.
|
· Endpoint Detection and Response (EDR) constitutes an endpoint security solution that persistently monitors devices to identify and counteract cyber threats such as ransomware and malware. In addition, Managed Detection Response (MDR) is the continuous monitoring of an organization’s network to identify any threats and immediately address cybersecurity threats in real-time.
|
In FY24, the U.S. government is poised to spend $11.8 billion to secure federal networks and combat cyber threats and hackers. This represents an increase in cybersecurity spending from the $11.3 billion spent on the same activities in fiscal 2023. The Department of Homeland Security (DHS), specifically its Cybersecurity and Infrastructure Security Agency (CISA), is receiving a sizable portion of the budget, amounting to $3.15 billion. Additionally, other top-funded agencies include the Department of Health and Human Services (HHS) and the Treasury Department. These agencies are deeply involved in areas such as data privacy and financial security enforcement, so funds enable these agencies to implement security measures, conduct investigations, and develop policies aimed at safeguarding sensitive information and ensuring the integrity of financial systems.
So, where can public entities apply for grant funding to help bolster their systems and improve cybersecurity training for their workforce?
Several grant resources will fund cybersecurity, including three main funders: federal grants, state grants, and foundation grants. We see most cybersecurity funding coming from the Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA) in the form of pass-through grants such as the State and Local Cybersecurity Grant Program (SLCGP), the Tribal Cybersecurity Grant Program (TCGP), the Homeland Security Grant Program (HSGP), Urban Areas Security Initiative (UASI), and the Emergency Management Performance Grant (EMPG). Additional sources of cybersecurity funding come from programs like the American Rescue Plan’s Coronavirus State and Local Fiscal Recovery Funds and the HAVA Election Security Funds. Additionally, cybersecurity can be funded as part of larger, more comprehensive, projects such as water and sewer improvements, broadband infrastructure, transportation projects, and law enforcement initiatives.
Continuous innovation and flexibility are essential for effectively countering cyber threats. For many public entities, cybersecurity measures are underfunded. Local governments, educational institutions, healthcare facilities, and public safety agencies should regularly monitor grant announcements, stay informed about funding opportunities, and actively pursue partnerships to secure resources for cybersecurity initiatives and workforce training.