Cybersecurity has been at a nascent stage for several states in the United States. With the California Consumer Privacy Act (CCPA) around the corner, you would imagine that other states are sprucing up cybersecurity in their region and are catching up with the compliance norms. But the reality paints a stark different picture.
In a recent cybersecurity audit undertaken by the office of the state auditor of Mississippi, it was found that a sizable number of state’s agencies are regularly failing to comply with the cybersecurity protocols. These protocols which were devised in 2018 is called the Mississippi Enterprise Security program was aimed at building cooperation among agencies on defense and cybersecurity.
According to the survey by Office of State Auditor Shad White, several state agencies, boards, commissions, and universities have failed to comply with cybersecurity laws and regulations in the region leaving the data of citizens of Mississippi vulnerable.
The survey pointed out that over half of all respondents are less than 75 percent compliant with cybersecurity laws and regulations of the state. The report also pointed out that several state entities care a hoot for cybersecurity laws in the region.
The condition of cybersecurity is so dire in the region that out of 125 state agencies, boards, commissions, and universities which Auditor’s office sent a cybersecurity survey to, only 71 cared to reply, even here several agencies did not even complete the survey leaving the state of cybersecurity in nearly 50 state agencies in complete jeopardy.
Even among the ones who responded, nearly 11 percent of agencies do not have an adequately stated procedure to prevent or even recover from a cybersecurity incident. The region has also mandated vulnerability assessment from third parties, which nearly 22 percent of the responder agencies haven’t executed. It was also found that 38 percent of the respondents who deal with sensitive information like healthcare data, tax data, and student data haven’t even initiated the first-level encryption.
“This survey represents some excellent but alarming work by the data services division in the auditor’s office,” said Auditor Shad White. “October is cybersecurity awareness month, and we should start this month by acknowledging the very real weaknesses in our state government system. I personally have seen screenshots of other states’ private data on the dark web, and we do not need Mississippians’ personal information leaking out in the same way. The time to act to prevent hacking is now.”