Governmental entities would be required to take simple steps to increase their cybersecurity efforts amid a years-long rash of ransomware cases and cyberattacks affecting thousands of municipalities across the country in recent years.
A measure backed state Sen. Kristen Gonzalez would require governments in New York state to use multifactor authentication for local and remote access to networks. The measure would also require public websites to encrypt exchanges and comply with basic privacy standards.
The measure cleared the Senate Internet and Technology Committee on Monday.
"Cyber-attacks are on the rise, and state entities are an increasingly frequent target. New Yorkers should never have to fear that the state government will lose access to its systems because of an attack," Gonzalez said. "Multifactor Authentication is a cost effective way to improve our cybersecurity preparedness; it is 99.9% more unlikely for an account to be compromised when MFA is used. We know that attacks aren’t going away; increasing our preparedness by using MFA is one of the best ways we can protect our state government.”
Cyberattacks have been on the rise across the country, affecting schools and governments alike. There have been more than 36,000 ransomware attacks in the U.S. since 2017, Gonzalez said. Hundreds of attacks are attempted on New York state entities, she said.
The attacks can be deeply disruptive to the affected targets.
A 2022 attack left Suffolk County's government off line for weeks and disabled email access for public workers.