State, local, and education (SLED) agencies face an escalating wave of cyber threats that endangers both sensitive citizen data and critical public services. According to the Center for Internet Security, malware attacks on state and local agencies increased 148% in 2023, while ransomware attacks rose by more than 50%. The U.S. Department of Education reported that school districts suffer an average of 5 cyberattacks per week.

This threat environment is expanding while funding is shrinking in many jurisdictions: indeed, state budgets are expected to drop more than 6% in 2025, which translates into a $1.22 trillion reduction from 2024 levels. 

Given this perfect storm of rising threats and diminishing resources, SLED agencies will need a new approach for battling cyber threats, one that extends beyond traditional tactics that emphasize perimeter defense. The need for cyber resilience has never been more urgent, and prevention is simply no longer enough.

At the 2024 Rubrik Public Sector Summit, government and industry leaders discussed how to secure critical data, recover from cyberattacks, and build a culture of cyber resilience to ensure mission continuity. Throughout the event, leaders shared meaningful insights that emphasized the need to shift agency culture from reactive to ready and move beyond threat prevention to incorporate plans for rapid data backup and recovery.   

Safeguarding Critical Infrastructure  

During the “Optimizing Critical Infrastructure Continuity” panel, speakers examined ways essential service providers can recover from a cyberattack quickly, ensure operational continuity, and provide citizens the support they expect.

Defending critical infrastructure from cyber threats is an immense challenge, to say the least. State-sponsored actors perpetually look to infiltrate critical infrastructure for destructive attacks, resulting in an astonishing 70% increase in attacks on utilities, for example, in 2024. What can be done to combat these adversaries and keep SLED organizations secure?  

Users are often seen as the “weakest links” of many agencies, so paying close attention to them is vital to ensuring operational continuity. But agencies should not place the burden of defense on users themselves; rather, they should provide users with the proper resources to recognize malicious actors and potential signs of attack.

It is also important for SLED organizations to understand the data within their systems: types, amounts, sensitivities. Additionally, taking advantage of grant funding and other available resources can allow agencies to improve their overall cyber posture. Developing strong resiliency and recovery plans is important; continuously practicing and reviewing these plans will ensure SLED organizations are truly prepared in the likely event of an attack.   

Whole-Of-State Collaboration  

In the “Strengthening State and Local Cybersecurity Through Collaborative Strategies” session, state IT leaders discussed how they have leaned on collaboration and a whole-of-state approach to build robust cyber strategies across a variety of state organizations.   

Ongoing resourcing challenges across state and local government have made it difficult to keep pace with dynamic cyber threats and remain secure. Though certain cyber services may be provided to agencies free of charge, the personnel leading these initiatives are not, and many agencies cannot afford to hire support. Just how can IT leaders lessen the cybersecurity burden for these agencies?  

To start, they can determine the individual support each agency needs. Regularly engaging with stakeholders (keeping in mind that all agencies are unique in their infrastructure maturity) ensures a solid understanding of challenges and the services required to support agency missions. When building a cyber strategy, be sure to consider the vast interconnectedness of all programs.  

A whole-of-state approach encourages collaboration and data sharing across state and local agencies, allowing for the increased protection and resiliency of vital systems. It must work to foster trust and leave paths of communication wide open for collaboration on issues and ideas.  

Plan for attacks as if they’ll happen, aiming for the least impact possible on agencies and their broader communities. Regardless of agency maturity, solutions that are native and cloud-based can best protect against adversaries. Push for agencies to implement industry best practices but realize that a plan can only go so far. Work directly with agencies to implement these plans and check in on them regularly. Ensuring cybersecurity programs are sustainable is key to success.   

At the end of the day, a whole-of-state approach encompasses all vital entities (schools, counties, hospitals, critical infrastructure, etc.) in one large ecosystem. Discussing best practices across this entire ecosystem will bring the community together and bolster all entities’ security posture.  

Plan to Fail  

The “Highlighting Best Practices for Cyberattack Recovery” panel shared real-world lessons learned recovering from cyberattacks, homing in on the urgency of identifying and remediating compromised data.  

Of course, effective planning is key to any solid recovery effort. Identify critical services that must remain on during recovery. Look to established cybersecurity frameworks for guidance and take a holistic approach to data management. Learn from cyberattacks and use them as opportunities to improve resiliency.

Creating an actionable, technical defense plan will aid continuity efforts. It takes an army to build a culture of cyber resiliency; include the full team in discussions and regularly hold security education sessions.   

Building Resilience in 2025

Threats to SLED look to intensify in 2025, if recent news about increased threats from Volt Typhoon, a China-based cyber espionage group, is any indication. To build a successful resilience strategy, SLED organizations must proactively work on reducing risk exposure, managing supply chain risks, and maintaining the integrity of critical unstructured data. By using air-gapped, immutable backups and sensitive data monitoring, SLED organizations can facilitate rapid recovery.

Agencies must prioritize building a culture of cyber resiliency to ensure mission continuity despite dynamic threat actors. All of the sessions from the Rubrik Public Sector Summit are available on demand.