As you may have read, the same threat actors that compromised the FBI director’s personal accounts have reportedly hacked St. Joseph County, IN. The county is now trying to assess the damage and the path to recovery.
These hackers present challenges to IT and security staff managing systems that are segmented, offsite, and often partially hosted in the cloud. The hackers typically enter an environment with compromised credentials, then lurk and look before taking action and damaging systems and data.
For state and local governments, often operating with limited resources, legacy systems, and expanding digital infrastructure, these breaches can have tremendously negative consequences. The impact goes beyond data loss. It can disrupt essential public services, compromise constituent trust, and create recovery costs that strain already tight budgets.
Given the threat these hackers represent to state and local governments, we are urging our clients and contacts in this community to take three immediate steps.
Make sure your backups are current, secured, and recoverable. In a ransomware scenario, backups are your last line of defense. If they are outdated, improperly stored, or have not been tested for recovery, they may not be there when you need them most.
Review privileged accounts, permissions, and any recent changes. Credential-based attacks rely on gaining access to accounts with elevated privileges. If permissions have expanded without clear justification, or if service accounts have not been audited recently, those are the gaps attackers will exploit.
Look into any anomalous and unresolved issues over the past month. Attackers who use the lurk-and-act approach count on the fact that small irregularities get dismissed or deprioritized. A login from an unusual location, a configuration change that nobody claims, or a spike in outbound traffic that went unexplained could be early indicators of compromise.
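A first-pass triage of the three checks above, as an added example that is not part of the original post or of any vendor product. The record layouts, field names, thresholds and sample data are all constructed assumptions; in practice the inputs would be exports from your backup tool, directory change log and sign-in log.

```python
from datetime import date

# Constructed sample records; field names and thresholds are assumptions.
TODAY = date(2024, 6, 30)
BACKUPS = [
    {"system": "finance-db", "last_backup": "2024-06-29", "last_restore_test": "2024-06-01"},
    {"system": "gis-server", "last_backup": "2024-06-10", "last_restore_test": None},
]
PRIV_CHANGES = [
    {"account": "svc-backup", "group": "Domain Admins", "date": "2024-06-12", "ticket": None},
    {"account": "jdoe", "group": "Server Operators", "date": "2024-06-03", "ticket": "CHG-0001"},
]
LOGINS = [
    {"account": "svc-backup", "country": "US", "date": "2024-05-02"},
    {"account": "svc-backup", "country": "ZZ", "date": "2024-06-12"},  # ZZ = placeholder
    {"account": "jdoe", "country": "US", "date": "2024-06-20"},
]

def age_days(day, today):
    return (today - date.fromisoformat(day)).days

def stale_backups(backups, today, max_age=2, max_test_age=90):
    """Step 1: systems whose backup is outdated or whose restore is untested or stale."""
    return [b["system"] for b in backups
            if age_days(b["last_backup"], today) > max_age
            or b["last_restore_test"] is None
            or age_days(b["last_restore_test"], today) > max_test_age]

def unjustified_grants(changes, today, window=30):
    """Step 2: privilege expansions inside the window with no change ticket."""
    return [c["account"] for c in changes
            if age_days(c["date"], today) <= window and not c["ticket"]]

def new_location_logins(logins, today, window=30):
    """Step 3: logins inside the window from a country the account never used before."""
    seen, hits = {}, []
    for ev in sorted(logins, key=lambda e: e["date"]):
        known = seen.setdefault(ev["account"], set())
        # An account's first recorded login has no baseline, so it is not flagged.
        if known and ev["country"] not in known and age_days(ev["date"], today) <= window:
            hits.append((ev["account"], ev["country"], ev["date"]))
        known.add(ev["country"])
    return hits

def triage(today=TODAY):
    grants = unjustified_grants(PRIV_CHANGES, today)
    logins = new_location_logins(LOGINS, today)
    # An account with both an unexplained grant and a new login location comes first.
    priority = sorted(set(grants) & {account for account, _, _ in logins})
    return {"backups": stale_backups(BACKUPS, today), "grants": grants,
            "logins": logins, "priority": priority}
```

The correlation in `triage` is the point: each finding alone is the kind of small irregularity that gets deprioritized, while the same account appearing in two lists is a lead worth resolving immediately.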
State and local governments face a distinct set of cybersecurity challenges. Many operate with a mix of legacy and modern systems across multiple departments and locations. IT teams are often small and responsible for a broad range of services, from public safety and emergency response to administrative systems and citizen-facing applications. The attack surface is wide, the resources are constrained, and the stakes are high.
At the same time, government entities are increasingly targeted by politically motivated threat actors and ransomware groups who know that public pressure to restore services creates leverage. We have seen this firsthand with our government customers, including a major Indiana municipality that faced a $500,000 ransomware demand. In that case, our platform was deployed in two hours, provided full visibility within 24 hours, and restored critical systems with 24/7 managed SOC support.
The common thread across these incidents is the same: organizations that lack complete visibility into their environments cannot detect credential-based threats, lateral movement, or the subtle signs of compromise that precede an attack. That is exactly the gap that Exposure Management is designed to close.
Our Exposure Management platform provides state and local governments with complete visibility across their entire environment, including on-prem, cloud, OT, IoT, and connected assets. Through agentless discovery, we identify every device and connection on the network without requiring hardware installs or software agents. This is critical for government environments where legacy systems and multi-site complexity make traditional agent-based approaches impractical.
From there, our platform applies AI-powered analytics and NIST Cybersecurity Framework-aligned risk scoring to prioritize the most critical threats. Our 24/7 SOC provides continuous monitoring, detection, and response, functioning as an extension of your team. For government organizations operating with lean IT staff, this means around-the-clock protection without the cost and complexity of building an internal SOC.
We have helped government customers reduce spend by eliminating redundant tools, improve security posture measurably, and achieve compliance with frameworks like NIST and CMMC. One Wisconsin county government saved over $260,000 through tool consolidation and improved compliance readiness alone.
As part of our commitment to this important market, we recently joined GMIS, an association of local government information technology professionals dedicated to fostering an environment of sharing as it relates to topics affecting the rapidly changing world of technology in the public sector. This enables us to share the value of complete visibility and proactive cybersecurity with IT leaders in critical positions.
We will be at the upcoming GIANTS conference, April 19 to 23 in Bloomington, IL. If you are a government IT or security leader navigating the challenges of protecting your environment with limited resources, we would welcome the chance to connect. Whether you are responding to an active concern or looking to build a more proactive security posture, our team will be available to discuss how complete visibility and exposure management can support your mission.
Contact us if you have questions or need support. We look forward to seeing you at the GIANTS event in a few weeks.