In an article published in Security Magazine on October 14, Roy Hadley discusses cybersecurity practices for public-private partnerships.
As cyber attacks and ransomware attacks against municipalities and other public agencies become increasingly more common, it is imperative that public-private partnerships are not overlooked.
Public-private partnerships create a unique challenge from a security standpoint since both the public partner and the private partner are collecting information. “As to the information collected, keeping it safe and secure is often a challenge because of the number of partners involved. Moreover, the partnership or entity created may share resources from the various partners. These types of arrangements can potentially create “gaps” in cybersecurity that can be exploited by bad actors,” Roy explained.
There are a number of best practices that public-private partnerships can implement to create a culture of security including policies and procedures, personnel training, disaster recovery plans and cyber insurance.
The question is not if an attack will hit, but when. The most detrimental assumption that can be made is that someone else is responsible for cybersecurity. Public-private partnerships can be much more prepared for an inevitable attack if they have proper planning, execution and training in place.