Illinois will require state employees to undergo cybersecurity training, according to state Chief Information Security Officer Kirk Lonbom. “Ninety-one percent of cyber attacks start with an email from someone who is portraying themselves of being legitimate. This is referred to as a phishing email,” said Lonbom. “These phishing emails can result in infections of entire networks, ransomware and stolen passwords.”
Yesterday, Governor Bruce Rauner signed House Bill 2371 at the Department of Innovation & Technology in the Thompson Center. “Employees are our first line of defense,” Rauner said. “Ensuring that our staff is properly trained against cyber threats is vital to protect Illinois’ services and information. Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state.”
According to investigators, the State Board of Elections suffered a cyber breach last summer in which hackers attempted to delete or alter voter data, and they managed to download data on roughly 90,000 voters. The new law makes Illinois the 15th U.S. state to mandate cybersecurity awareness training for state employees.
The state’s Department of Innovation & Technology (DoIT) will implement the training program. It recently released the State of Illinois Cybersecurity Strategy, which includes securing information and IT systems, reducing cyber risk, providing best-in-class cybersecurity capabilities, and ensuring an enterprise approach to cybersecurity. “It is very important that our employees become the first line of defense when it comes to cybersecurity, as it comes to making sure our environment is safe. They will be important tools to recognize any threats,” said Hardik Bhatt, DoIT secretary designate and chief digital officer. “We’ve already trained 95 percent of our executive branch employees.”