Meet Armis at Black Hat 2024

Learn More
Nov 21, 2023

2024 Cybersecurity Predictions for State & Local Agencies and Educational Institutions (SLED)

brand color blocks purple thumbnail
This blog is part of the 2024 Cyber Predictions blog series where Armis Experts share their thoughts on trends and technologies shaping the future of cybersecurity.
Check out all our 2024 predictive blogs →

 

2023 is quickly ending, and 2024 is just around the corner. There’s been a lot of progress throughout 2023 regarding cybersecurity in the public sector, especially as we zoom in on state and local government agencies and educational institutions (SLED).

New York State debuted its first cybersecurity strategy in August and dramatically increased its security budget to $90 million in fiscal year 2024. This expanded funding will help county and local schools to meet more stringent cybersecurity directives, such as K-12 guidance put out early this year by the Cybersecurity and Infrastructure Security Agency (CISA).

While milestones such as these show significant progress within the industry, they also act as stepping stones in the more extensive cybersecurity journey for SLED organizations as the threat landscape rapidly evolves. This progress is only the tip of the iceberg – security and IT pros in the sector are picking up speed with intentions to build on the momentum coming into next year.

With that, here are my top 5 predictions for what next year holds for cybersecurity for SLED.

1. There will be an increased emphasis on adopting whole-of-state cybersecurity strategies next year.

Whole-of-state is a cybersecurity strategy that aims to improve defenses at every level of state and local government by breaking down governmental silos and encouraging entities to share cybersecurity resources and information to enhance their collective cybersecurity posture. We’ll see further emphasis on this framework in the year ahead, driving the adoption of the theories across the entire ecosystem with state and local government, educational institutions, and other public and private organizations.

2. SLED organizations will modernize their tech stacks and cybersecurity programs in 2024.

SLED organizations are actively working to move from legacy operations, developing an understanding of the inherent risk of old-fashioned approaches to security and IT and the advantages introduced by adopting new technology, including cloud infrastructure. 2024 will be the year these entities modernize and digitally transform their IT stack and cybersecurity programs with the help of increased funding. This includes adopting Zero Trust philosophies.  Historically, these entities have struggled to understand what this approach means and where to get started but can now effectively model off of the rigorous implementation of Zero Trust that federal agencies are undergoing. As part of this, public sector IT and security pros will also keep security best practices top of mind by undertaking projects such as segmenting their network to protect mission-critical systems.

3. Artificial Intelligence (AI) driven technologies will be essential to IT and security professionals’ solution stacks.

AI is a tremendous technological advancement but can also be a double-edged sword. The technology enables bad actors with more capabilities to deploy sophisticated attacks. In the same way, it’s giving public sector IT and security professionals added capabilities to defend their organizations and to improve how they manage their expanded attack surface. As such, AI-driven technologies will prove to be essential to IT and security professionals’ solution stacks next year.

Take AI-powered cyber exposure management solutions, for instance. Given the explosion of physical and virtual connected assets, SLED leaders are struggling to understand what’s in their environment. Further, already short-staffed teams are overwhelmed by the need to keep up with the noise from too many tools and threat intelligence feeds that do not share risk-based prioritization recommendations and pull from too many siloed data streams. With the help of comprehensive, AI-driven solutions that prioritize risk-based alerts and offer contextual insights, organizations can leverage the power of AI to proactively secure all assets, remediate vulnerabilities, and block threats to protect the entire attack surface. This improved operational efficiency will be critical to defending from the increased AI-powered attacks of malicious actors in the year ahead.

4. More states and local entities will adopt FedRamp-inspired programs to improve agency security postures.

The Federal Risk and Authorization Management Program (FedRAMP®) provides a standardized approach to security authorizations for Cloud Service Offerings. With security top-of-mind across SLED, I believe more states next year will start to adopt StateRamp or similar programs modeled on what we’re seeing on the federal level. As is already the trend, states will likely grandfather in organizations authorized with FedRAMP into the localized programs to expedite the deployment of trusted solutions.

5. Securing critical infrastructure will be one of the most crucial priorities of 2024 across all public sector entities.

Security and IT professionals must increase defenses around the critical infrastructure our country is so deeply dependent on. This requires an all-hands approach across the public sector. Now more than ever, with the election year ahead, bad actors could seek to cause chaos or disturbances to the electoral process and increase doubt regarding election security.

Attacks against infrastructure have the capability to cause huge amounts of damage, human suffering, and financial cost. This in addition to causing distrust in government and potentially disrupting important governmental processes- everything from election administration to the regular functioning of public schools.

Without a crystal ball, it’s impossible to predict the future. But what is certain is that the evolving threat landscape continues to worsen, and with an election year ahead, SLED organizations must improve their asset cybersecurity posture. There’s already been progress on this front, but security and IT pros must continue to build upon this momentum – and fast – leveraging the technology and partnerships at their disposal.

Armis secures Fortune 100, 200 and 500 companies and national governments and state and local entities to help keep critical infrastructure, economies, and society safe and secure 24/7. Learn more here: https://www.armis.com/cybersecurity/state-and-local-government/

2024 Cyber Predictions

Get Updates

Sign up to receive the latest from Armis.