Why Reaction Time is Imperative for Cybersecurity – A Look at Maricopa County
Earlier this month, we released our 2016 Government Cybersecurity Report where we listed the best and worst performing government organizations in cybersecurity across local, state, and federal levels. Government on all levels ranked last among all major industries largely due to their need to protect a substantial attack surface and layered IT infrastructure with minimal resources and budget.
While proactive security measures are important, reaction time is the most vital aspect of being able to protect an infrastructure from a potential security breach.
Maricopa County was included in the report because SecurityScorecard detected a number of security issues, which resulted in a low rating based on our scoring system. Once learning of the situation, Maricopa County quickly mobilized and immediately contacted us to gather details around the issues that were noted. They demonstrated a firm commitment to understanding our report and findings, as well as addressing any issues that posed a threat.
Working with SecurityScorecard and leveraging the detailed information the report was based on, Maricopa County was able to quickly take action, fix their issues, and garner significant improvements, in less than a week. Maricopa County is now one of the stronger performers at the local government level based on our ratings as a result of their quick work.
New vulnerabilities and patches are identified on an ongoing basis and hackers are moving quicker to capitalize on them. Maricopa County’s response to our report demonstrates that they have invested heavily in the ability to respond to incidents, based on the speed in which they were able to respond to the findings in our report. Additionally we found that their knowledge and skill set in understanding the full scope of our findings, was at a very advanced level.
Organizations should consider what it means to understand their threat profile, and to establish the ability to detect and mitigate their risk. We found that Maricopa County has made such an investment and were aware of potential threats to their institution. Mature organizations do a great job at detecting threats to their environment and also have the ability to quickly respond to exposures before they can be exploited. Maricopa County has a capable and robust cybersecurity program as demonstrated by their response and depth of knowledge.
“The real indicator of maturity of an information security program is directly related to the speed at which an organization can respond to a new vulnerability”, said Paul Poh, CTO of SecurityScorecard. “Maricopa County’s ability to quickly remediate the findings we noted, in less than 7 days, speaks volumes to the security maturity of their InfoSec program. Maricopa County has invested in a program that can ensure the resilience of their infrastructure and understands the potential risk that Cybersecurity vulnerabilities present, based on our observation of their response to our report.”