The Colorado Department of Transportation found themselves in the unfortunate position of being a poster child for the growing sophistication of the ransomware threat earlier this year. In late February, the agency took its computers offline as a result of a bitcoin demand, refusing to pay the ransom. But after the initial threat was wiped and computers began to be brought back online, a variation of the SamSam ransomware was discovered.
At the annual National Association of State Chief Information Officers (NASCIO) conference last week, GT talked to Colorado Chief Technology Officer David McCurdy about the challenges of staying ahead of an increasingly sophisticated set of threats. And while the state has greatly increased its attention on and investment in a comprehensive cybersecurity strategy, McCurdy is quick to point out that it's not foolproof.
"About six years ago, the state cybersecurity budget statewide was about $7,000," McCurdy said, adding that there was some additional money at the agency level, but a central, strategic program was not yet in place. Several years on, he's confident that the state is in a much better position, thanks to support from Gov. John Hickenlooper and the Legislature.
"There's no dollar figure that will say the state is 100 percent protected, but what you're trying to do is put in layers of security, trying to keep up with technology."