That’s the plan, anyway, of a new partnership with the National Association of Counties, according to Charlie Moskowitz, the vice president of policy and government affairs for SecurityScorecard, a cybersecurity ratings company founded in 2013. The association's members now get access to the company’s cybersecurity ratings platform for monitoring and improving cybersecurity risk.
The general idea is to offer cybersecurity data in a way that allows a wider and quicker view of that risk.
“Through this partnership, we're giving every county the opportunity to see their complete attack surface — not just the holes in their own assets, but the vulnerabilities from their third-party vendors and supply chain — allowing them to prioritize the areas of their cybersecurity most in need of shoring up,” Moskowitz told Government Technology via an email interview. “The nature of the cybersecurity threat is too dynamic — and attack surfaces change by the day, if not the hour — to continue relying on point-in-time assessments” such as audits and security questionnaires.
As counties improve their technology they are also having to spend more time and money on cybersecurity, as a recent survey of U.S. counties shows in depth.
Election security, data leaks and ransomware stand as some of the main concerns for counties and other public agencies when it comes to cybersecurity, and all signs point to bigger worries down the road.
As for SecurityScorecard, the company says its platform keeps check of “global threat signals” and helps clients perform cybersecurity self-assessments, providing ratings about risk factors.
This new partnership builds upon a pilot that involved 35 counties, Moskowitz said, with almost all of them seeing their security scores improved after using the tool; implying reduced chances of a breach.
He said SecurityScorecard already has a similar deal with the Conference of State Bank Supervisors which gives cybersecurity risk data to 54 state and territorial bank regulators. The company also has relationships with other organizations.
As for the National Association of Counties, the group now has a free enterprise license for SecurityScorecard, and association members can receive free self-monitoring, Moskowitz said.
Those members also are eligible for instant cyber risk assessments, a free score planner, specific training on the platform and use cases — including information on how to lower cyber insurance premiums — discount pricing bundles, twice-a-month office hours with SecurityScorecard, and county-specific unclassified threat briefings.