CHICAGO (CBS) — Every day there are attacks on state government computer systems.
“Ninety-one percent of cyber attacks start with an email from someone who is portraying themselves of being legitimate. This is referred to as a phishing email,” said Kirk Lonbom, Chief Information Security Officer. “These phishing emails can result in infections of entire networks, ransomware and stolen passwords.”
Lonbom said now all state employees will be trained to be the state’s first line of defense.
“We have to move quickly. Nearly 50 percent of Americans do not receive cybersecurity training in the workplace. House Bill 2371 ensures that will not happen in the State of Illinois,” he said.
Governor Bruce Rauner signed the bill at The Department of Innovation & Technology in the Thompson Center.
“Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state,” he said.
The Department of Innovation & Technology (DoIT) is charged with implementing the training program and recently released the State of Illinois Cybersecurity Strategy. Key objectives include protecting state of Illinois information and systems, reducing cyber risk, providing best-in-class cybersecurity capabilities and ensuring an enterprise approach to cybersecurity. Cyber-awareness training is a key component of the strategy.
“It is very important that our employees become the first line of defense when it comes to cybersecurity, as it comes to making sure our environment is safe. They will be important tools to recognize any threats,” said Hardik Bhatt, DoIT secretary designate and chief digital officer. “We’ve already trained 95 percent of our executive branch employees.”
Last summer, the State Board of Elections was breached.
State election officials in Illinois found evidence that hackers had “tried to delete or alter voter data,” and data on roughly 90,000 voters was downloaded by the attackers.
With this new law, Illinois becomes the 15th state to adopt mandatory cybersecurity awareness training for state employees.
According to a study by the Ponemon Institute and IBM Security, the average total cost of a data breach amongst the 419 companies they surveyed was $3.62 million. Cybersecurity awareness training and reinforcement programs cost less than $5 per person and offer a cost avoidance of around $184 per user. Additionally, these training programs are believed to significantly reduce the risk of cyberattacks, offering significant preventative cost savings to the taxpayers of Illinois.