Dave Sobel: I talk a lot about cybersecurity on the show. I've been talking a lot about federal engagement. But you think that there's a lot more action at the SLED level -- that state, local government and education level. Tell me why you think there's so much action at that level right now?
John Zanni: It's a great point and I appreciate you asking me that. We all know the federal government is a target of attack from bad actors, especially certain nation-states. What a lot of these cities and states don't understand, and small hospitals and even nonprofits, is that because of the way the bad actors go after these entities with ransomware for example, or malware, or now what they call 'killware,' it's done in a programmatic way, which means there's really little cost for them to go after thousands or tens of thousands of entities. As long as they succeed in a number of them, even if they don't get a lot of money per agent, agency or per group, it ends up being a significant source of revenue for them. And I use that term because they do run it like a business. They look at return on investment. The other advantage is that a lot of these cases, the infrastructure is not up to date. You might have a part-time IT person managing that infrastructure for a local, small city. They're just a prime target of getting thousands or tens of thousands of dollars over and over again, instead of trying to go for the big $10 million or $50 million payout.
Sobel: They look a lot like small businesses really. That's what they end up looking like, right?
Zanni: Exactly, except more complex. You take the state of Arizona, for example. It is a federated system. Some of the city budgets come from the state. Some of it they have to supply themselves. School districts are the same. Take a K-12 school district; they have other items that they need to assign those budgets to, for example omicron.
Sobel: When you're working with these, how much are you finding that these organizations try and do it themselves with an internal IT department and how much are they doing it with external contractors and vendors?
Zanni: It's a mix. It really just depends who you talk to. What I'm seeing is the smaller the city or the smaller the entity, it seems like more that they just have a trusted IT provider that might be supporting multiple 3,000 to 5,000 person cities or 50 doctors' offices. And they don't understand that there are tools out there that could help them be much more effective, especially through managed service providers that provide full IT services that'll help them be protected.
About the Author
