Audit: Security faults found in nearly half of Kansas state and local entities

TOPEKA (KSNT) - Earlier this month, the Kansas Legislative Division of Post Audit (KSLPA) published a report finding nearly half of the 20 state and local entities it investigated had security faults from 2020 to 2022.

Entities that were audited regularly struggled with vulnerability remediation, incident response, security awareness training and specific IT system compliance, according to the report. The audit attributed the problems to two main issues: insufficient management oversight and lack of adequate IT resources.

"State and local entities could face significant consequences if hackers are able to access an entity’s network or confidential data because of poor security controls," KSLPA said in the conclusion of the report. "A significant security breach could disrupt an entity’s mission-critical work and their reputation would be sorely damaged."

According to the report:

  • 90% of entities did not adequately scan or patch their computers to keep them secure.
  • 57% of entities didn't have adequate incident response plans or did not appropriately test them.
  • 45% had significant management, contract, or policy-related weaknesses.
  • 43% of entities didn't provide adequate security awareness training.
  • 24% had inadequate account security controls.
  • 19% did not adequately encrypt, back up, or destroy sensitive electronic data.
  • 10 of the 21 entities audited didn't fully comply with IT security standards and best practices.
  • A couple of entities did not adequately protect their network boundaries.
  • A couple of entities had poor access or environmental controls for their data centers.

The KSLPA audited the following entities:

  • Kansas Department of Transportation.
  • Kansas Department for Aging and Disability Services.
  • Department of Labor.
  • Kansas Public Employees Retirement System.
  • Kansas State University.
  • Wichita State University.
  • University of Kansas Medical Center.
  • Blue Valley School District #229.
  • Kansas Board of Regents.
  • Kansas Department of Revenue.
  • Emporia School District #253.
  • Department of Agriculture.
  • Seaman School District #345.
  • Great Bend School District #428.
  • Kansas Judiciary.
  • Parsons State Hospital.
  • Office of the Attorney General.
  • Topeka Correctional Facility.
  • Kansas Racing and Game Commission.
  • Board of Healing Arts.

Every three years the KSLPA conducts a risk assessment on selected state agencies. According to the KSLPA, the contents of the individual reports are kept confidential to prevent jeopardizing the entity's security.

In October of last year, Kansas was asked to pay a ransom for a foreign cyberattack that crippled court systems statewide. Kansas Governor Laura Kelly confirmed the details in an interview with Nexstar Kansas Capitol Bureau Chief Rebekah Chung. Chief Justice Marla Luckert later came out saying Kansas was the target of a Russia-based ransomware group.

Luckert said the state didn’t pay Russian hackers to restore the court systems.