October 2022
Volume 22, Number 10
From the CIO:
October is Cybersecurity Awareness Month. As information technology and information security professionals, cybersecurity is part of our DNA – it’s something we work with every day.
And we know that the threats posed by hackers and bad actors are ever changing and always growing. In 2021 alone, we reported nearly 34 million cyberattack attempts and over 600,000 malware threats on our executive branch systems in the Commonwealth, approximately one attack every second.
While cybersecurity has become a kitchen-table topic of sorts – you hear about cyber breaches and incidents all the time in the news – there’s still a lot about cybersecurity that we need to share with the residents of Virginia.
This month is a great opportunity to do that – and we are planning to take full advantage of the opportunity, providing information on our social media channels and through other communications channels on the basics – starting with news-you-can-use on passwords, phishing, multifactor authentication and more.
We look forward to working with all of you during Cybersecurity Awareness Month and beyond, as we collaborate and partner to keep the Commonwealth of Virginia connected and protected.
Sincerely,
Robert Osmond, Chief Information Officer of the Commonwealth
October is Cybersecurity Awareness Month: We're all in!
Gov. Youngkin has proclaimed that October is Cybersecurity Awareness Month in the Commonwealth of Virginia.
The campaign is designed to help raise cybersecurity awareness, offering tools and resources to help families and individuals protect themselves as threats to technology and confidential data become more commonplace.
Our theme this year for the Commonwealth is “We’re all in.” Join us!
Here's how you can get involved (information on VITA's website):
- Join the Twitter Chat on Oct. 12 at 2 p.m.
- Check out the calendar of events
- Access the campaign toolkits for:
- Localities
- Students
- Parents
- Educators
- Everyone
Partnerships and collaboration:
We are also collaborating with our state partners in sharing important messages about Cybersecurity Awareness Month, including Virginia Department of Education Chief Information Security Officer Diane Carnohan and Virginia Department of Behavioral Health and Developmental Services Chief Information Security Officer Glenn Schmitz.
You can also catch us in the media in Virginia. Chief Information Security Officer of the Commonwealth Michael Watson appeared on WTVR-6 in Richmond's "Virginia This Morning" on Oct. 5, where he shared critical cybersecurity safety tips.
For more information on Cybersecurity Awareness Month, visit the "Cyber Awareness" section on VITA’s website.
If you have a Cybersecurity Awareness Month event or item of interest that you’d like to let us know about, contact us at vitacomms@vita.virginia.gov.
Resources for Virginia's localities
VITA is making collaboration with our partners, especially at the local level, a focal point. We have collated resources specifically for localities in Virginia and combined them into one easy-to-use location on the VITA website.
The resources include information on everything from cyber awareness to training and employment.
Chief Information Security Officer of the Commonwealth Michael Watson spoke this week at the Virginia Municipal League annual conference in Richmond, participating in a panel focused on programs and services available to Virginia localities related to cybersecurity, emergency preparedness and data.
“It’s important that we participate in conferences like this one and take advantage of other opportunities to communicate with our local partners,” said Watson. “They really are the foundation of everything we do in Virginia. We want to be able to support them in their needs, and collaborate on programs and projects to benefit all our Virginia residents.”
Federal cybersecurity grants
As part of the federal Infrastructure Investment and Jobs Act of 2021, Virginia expects to receive federal cybersecurity grants to help state, local and tribal public bodies address gaps in government cybersecurity programs.
Driven by the increase in cyber threats, the grants do require states to cover a percentage of the costs with matching funds. To receive grants, states need to adopt and implement an effective cybersecurity plan through an intergovernmental planning committee. On Sept. 16, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) released the notice of funding opportunity and other awaited program documentation.
Earlier this year, the Virginia General Assembly appropriated the state matching funds (Item 93(F)). VITA, in collaboration with our partners including the Virginia Department of Emergency Management serving as the State Administrative Agency, is working on the multiple steps that must occur for a successful grant application, including forming the cybersecurity planning committee that will approve a cybersecurity plan and priorities.
Information security tips
This month’s information security tips focus on end-user training and tips to combat social engineering.
We like to think we can trust our co-workers to do the right thing, but this is not always the case. Some people become insider threats; that is, they use their authorized access to systems to harm their organization.
Find out what red flags you should watch for, and the steps you can take to keep systems safe.