Minnesota legislature increases investment in cybersecurity for state government, schools
ST. PAUL, Minn. – Minnesotans' personal information is a coveted prize for digital thieves. One entry point to get it: state government.
It's why the office tasked with handling IT systems for the state working on a "whole of state" plan to get all areas of state and local government entities on the same page and enhance security in the wake of increased threats.
State lawmakers this year earmarked millions for the effort to match federal funds in the federal infrastructure law specifically for cybersecurity.
RELATED: Cybersecurity expert says finding culprits in MPS hack will be "very difficult, if not impossible"
The financial support has grown in recent years, said John Israel, assistant commissioner and chief information security officer for Minnesota IT Services, the state agency.
"For better or for worse, IT is not necessarily always cheap, and the cybersecurity threats and investments just has not been there in the past," Israel said. "I think is an exciting opportunity to continue to invest, to reduce that threat landscape, reduce the impact of future events and incidents and position ourselves better as a state."
The issue is top of mind in Minnesota this year, after a data breach at Minneapolis Public Schools exposed sensitive information of teachers, students and school vendors dating back years. Student data at the Minnesota Department of Education was also compromised in a larger attack on a third-party software it uses.
The legislature approved $24 million for a grant program so school districts can boost cybersecurity and physical building vulnerabilities. It also authorized the use of existing "safe to school" revenue, used for safety needs, for digital safety upgrades.
RELATED: How hackers gained access to Minnesota Department of Education data
Minnesota IT Services investigated over 1,000 cybersecurity incidents in 2022, according to its annual report. That has declined over the last three years and state officials attribute that decrease to increased investments in detection and response, state employee response and multi-factor authentication.
Seventy-eight of the security issues arose at schools and universities.
A separate law change makes clear that a governor can call a peacetime emergency for a cyberattack.
"When a cyberattack hits, every minute counts," Israel said. "So being able to quickly respond, and understand and clarify those authorities so that we know that if it's needed -- if we get to that level of an event -- the governor can step in."
MORE NEWS: Cyber thieves target new victims with more sophisticated card-skimming devices
Mark Lanterman, chief technology officer for Computer Forensic Services and former member of the U.S. Secret Service Electronic Crimes Taskforce, said the increased investment by the state and federal governments is important, but robust training of employees is just as essential.
"I believe our cybersecurity problems have very little to do with cybersecurity. I think it has to do with a lack of training," Lanterman said. "In the majority of the cases that I've investigated, it turns out that an employee was tricked into clicking on a link that downloaded malware which then compromised the organization," he said.
Both Lanterman and Israel advise Minnesotans to take their personal data seriously and take steps to protect it and monitor all accounts with sensitive information.