Back to basics: Cybersecurity starts at the service desk

The digital revolution has dramatically increased the efficiency of government services. Citizens now schedule bills, pay traffic tickets and file their taxes online. However, modernization also potentially exposes cities and their residents to new vulnerabilities.

Cyber criminals covet sensitive data and personally identifiable information. The combination of confidential data and an unstable mix of emerging technologies and legacy digital infrastructures creates the perfect storm for ransomware hackers and denial-of-service attacks.

While cybersecurity in government organizations is an important internal concern, the sensitive data they store also makes it a matter of public safety. That’s why agencies are doing their best to mitigate risk by investing in top-of-the-line cybersecurity technology. In fact, the 2019 federal  cybersecurity budget is a proposed $15 billion, more than a 4% increase from the previous year, and roughly 18% to 20% of the entire federal IT budget.

With the average cost of a successful cyber breach close to $8 million, these security costs are necessary but pricey investments. As technology continues to evolve, so do hackers. It’s time for public-sector leaders to evaluate their long-term cybersecurity strategies.

Back to basics

The public sector is responsible for processing a high volume of sensitive data and must pursue cyber defense strategies on a grand scale informed by an intelligent plan. Taking a project-based approach allows the application of tested methodologies to the overarching goal of keeping critical applications and data secure. Organizations should identify stakeholders, key services, manage velocity and complete iterations with retrospectives.

Additionally, managing the services and assets that support cybersecurity is critical and should be in scope with the organization’s approach. Mastering employee IT service requests and securing employee assets is the tried-and-true first line of defense against an attack. Neglecting IT service management (ITSM) basics in the scope of large, overarching cybersecurity strategies creates an unstable digital environment for all employees.

Artificial intelligence and the service desk 

If base IT processes are neglected when funneling funds into large-scale cybersecurity tactics, public sector leaders risk making their agencies and employees more vulnerable to cybersecurity issues. Under pressure to improve resolution times, IT technicians rush to provide solutions on disparate legacy IT systems. Their desire to quickly drive results paired with an outdated service application means security vulnerabilities have the potential to easily slip through the cracks. In 2019, effective cybersecurity strategy requires an end-to-end approach. Public-sector IT leaders must invest in modern and efficient ITSM infrastructures that support employees’ IT needs and includes the following two features:

2. Automation and AI-powered suggestions. As the public sector continues to digitize, it becomes increasingly difficult for technicians to parse through requests and separate serious threats from minor problems. With a constant stream of alerts, service desk technicians struggle to give each request more than only passing attention.

Automation makes it easy for technicians to focus their talents on resolving issues. A modern service platform uses automation to power workflows, routing and prioritizing tickets to ensure they get to the appropriate team members quickly. Artificial intelligence facilitates this process by helping requesters provide accurate categories and subcategories, guiding them to self-service solutions for low-level tasks (like resetting passwords and locating files) and identifying critical requests (indicating more high-level issues and security threats) for technicians to solve, ensuring they receive the attention necessary for mitigating risk.

When smaller vulnerabilities are resolved efficiently with AI and automation, there is a twofold benefit. First, employee assets remain up-to-date and secure. Second, automation drastically reduces resolution times for common IT issues, providing faster and more effective service to the majority of stakeholders of those systems. On a broader level, it’s estimated that AI could free up nearly 30% of public-sector work time within five to seven years.

2. Documentation and reporting. It’s difficult to analyze greater IT trends and security concerns when visibility is limited to the individual request level. While one person requesting access to a file might be harmless, a sudden influx of access requests may signal something more significant. However, technicians and IT leaders trying to keep up with resolving individual issues can miss the signs of bad actors at play. Greater visibility into high-level IT issues and trends requires a service desk with documentation capabilities.

Documenting and recording information takes up 10% of public-sector work hours, but modern service desks can automatically record information from requests and make inferences about the insights captured. Reports are easily accessible and let the team inform key stakeholders about department operations and any cybersecurity concerns that arise.

Deeper visibility also provides technicians with information on the devices and platforms that stakeholders access on a daily basis, clueing them into which assets consistently underperform or are vulnerable to breaches. But it also allows for greater security regarding the assets themselves. With documentation of the past service requests and asset information, if a new ticket appears that doesn’t match past information, the system flags it as a potential threat and gives the ticket an extra layer of scrutiny.

The service desk is at the core of digital transformation

Security remains a top priority for public-sector IT leaders. But an effective, efficient service desk is often an overlooked asset that supports the greater IT security infrastructure. As the public sector continues to modernize, digital support requires a tool that automates requests and documents their trends. With the extra efficiency and reporting support, technicians are free to focus on high-level cybersecurity strategy, thwarting criminals and protecting citizens' information.