New Law Requires State Employees To Undergo Cybersecurity Training

CHICAGO (CBS) — Every day there are attacks on state government computer systems.

“Ninety-one percent of cyber attacks start with an email from someone who is portraying themselves of being legitimate. This is referred to as a phishing email,” said Kirk Lonbom, Chief Information Security Officer. “These phishing emails can result in infections of entire networks, ransomware and stolen passwords.”

Lonbom said now all state employees will be trained to be the state’s first line of defense.

cybersecurity 1 New Law Requires State Employees To Undergo Cybersecurity Training

Governor Bruce Rauner signed House Bill 2371 at The Department of Innovation & Technology in the Thompson Center. (WBBM/Lisa Fielding)

“We have to move quickly. Nearly 50 percent of Americans do not receive Cybersecurity training in the workplace. House Bill 2371 insures that will not happen in the State of Illinois,” he said.

Governor Bruce Rauner signed the bill at The Department of Innovation & Technology in the Thompson Center.

“Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state.” he said.

cybersecurity 5 New Law Requires State Employees To Undergo Cybersecurity Training

Cybersecurity Training certification process (WBBM/Lisa Fielding)

The Department of Innovation & Technology (DoIT) is charged with implementing the training program and recently released the State of Illinois Cybersecurity Strategy. Key objectives include protecting state of Illinois information and systems, reducing cyber risk, providing best-in-class cybersecurity capabilities and ensuring an enterprise approach to cybersecurity. Cyber-awareness training is a key component of the strategy.

“It is very important that our employees become the first line of defense when it comes to cybersecurity, as it comes to making sure our environment is safe. They will be important tools to recognize any threats,” said Hardik Bhatt, DoIT secretary designate and chief digital officer. “We’ve already trained 95 percent of our executive branch employees.”

cybersecurity 2 New Law Requires State Employees To Undergo Cybersecurity Training

“It is very important that our employees become the first line of defense when it comes to cybersecurity,” said Hardik Bhatt, DoIT secretary designate and chief digital officer. (WBBM/Lisa Fielding)

Last summer, the State Board of Elections was breached.

State election officials in Illinois found evidence that hackers had “tried to delete or alter voter data,” and data on roughly 90,000 voters was downloaded by the attackers.

With this new law, Illinois becomes the 15th state to adopt a mandatory cybersecurity awareness training for state employees.

cybersecurity 4 New Law Requires State Employees To Undergo Cybersecurity Training

Cybersecurity awareness training and re-enforcement programs cost less than $5 per person and offer a cost avoidance of around $184 per user. (WBBM/Lisa Fielding)

According to a study by the Ponemon Institute and IBM Security, the average total cost of a data breach amongst the 419 companies they surveyed was $3.62 million. Cybersecurity awareness training and re-enforcement programs cost less than $5 per person and offer a cost avoidance of around $184 per user. Additionally, these training programs are believed to significantly reduce the risk of cyberattacks, offering a significant preventative cost savings to the taxpayers of Illinois.

Watch & Listen LIVE