4 Top Considerations for State and Local Agencies Looking to Protect Against Credential-Based Attacks

It’s more crucial than ever that government security systems and policies are prepared to take on threats. Here’s what types of attacks are on the rise — and what governments can do about it.


A simple click on a malicious link can have devastating effects on an organization — stolen credentials, compromised security or, worse yet, a complete standstill of computer systems held hostage by hackers.

In a time when agencies across the country are working facilitating more remote work than ever, state and local governments must take action to protect against credential-based threats, which can infiltrate networks via employee inboxes, unsafe WiFi networks and a variety of other vulnerable points.

Here are the top four things public sector IT leaders should know about these attacks and how to protect against them.

1. Governments Are Increasingly Targeted by Cyberthreats

Credential theft continues to be a major headache for organizations – and phishing is the most common technique to pilfer information. The 2019 Verizon Data Breach Investigations Report highlighted how 32% of over 41,685 security incidents in 2018 involved phishing and 29% entailed use of stolen credentials. Among government entities, phishing was the top method for attackers to gain access to information and data. Overall, 16% of all reported incidents were breaches of public sector entities.

With financial transactions and critical infrastructure information housed by state and local governments, it’s no wonder attackers are aiming their crosshairs there, said Stephen Gaul, solutions engineer at Okta, Inc., which has