Missouri State Auditor Urges State to Take Cyber Threats Seriously and Improve Employee Training

The recent cyber attacks in Kansas City have prompted Missouri State Auditor Scott Fitzpatrick to release a new report emphasizing the importance of taking cyber threats seriously. The report highlighted the need for state employees to be trained on how to protect resources from potential cyber attacks.

The audit focused on 34 state government entities with over 50,000 employees and found that there was a lack of oversight in awareness training efforts. Approximately 20% of employees did not complete any security awareness training during the test period, despite the requirement for all employees to complete monthly training.

Fitzpatrick stressed the importance of making security awareness training a key component of the state’s culture to prevent scams and phishing attempts. The report recommended that the Office of Administration Information Technology Services Division update its security awareness training policy to include oversight procedures to ensure employees are completing their training.

ITSD has agreed with the recommendation and is working to implement the changes. The state has already taken steps to improve security awareness training for employees in light of the recent cyber attacks in the Kansas City area.