"I think it's a reminder that the threats that our IT infrastructure faces evolve on a daily basis," Karen Geduldig, deputy chief information officer for New York state, told Government Technology. "It's a reminder to be vigilant and to constantly re-assess what those threats are and how we can better protect ourselves."
New Jersey CTO Dave Weinstein pointed out that the Deloitte breach, in which the email administrator didn't have two-factor authentication, helped convince some state staff that the extra effort in the name of security was actually worth it. It can be a hard sell to end users.
"That was a good news story for us, because we recently implemented two-factor authentication across the entire executive branch, so in some respects, it was validating," Weinstein said. "All the agencies that complained about how difficult it is to get into their email are now feeling a little more secure in light of those incidents."
Citing a study conducted by Dell earlier this year, Nebraska CIO Ed Toner noted how common the leakage of sensitive information actually is: "72 percent of employees are willing to share sensitive, confidential or regulated company information," the study reads.
Here, Toner outlines his approach in Nebraska to better safeguard citizen data and preserve the reputation of state IT through solid cybersecurity practices. One component of his strategy is to block certain tools popular among employees, but not before giving them secure tools with the same functionality. "You can't block the avenues until you give them the right tools to do their job," he said.