In 2012, for example, both Utah and South Carolina suffered high-profile -- and expensive -- hacks.
Aaron Mathes, Virginia's deputy secretary of technology, for example, said his state blocked 117 million cyber attacks in 2012. Without robust protections, any one of them could have been costly.
Security officials on a panel at Governing's Outlook in the States and Localities Conference also endorsed educational effort -- for state officials and the general public -- to help prevent attacks. One group in particular they discussed targeting for education: children.
David Behen, Michigan's Chief Information Officer, said that as a parent he'd like to see his kids learning more about online safety. "I'm the CIO for the state of Michigan, and I know their school isn't doing anything."
One of the the biggest cyber security threats to state and local governments come from "hacktivists," said Laura Iwan, senior director of cyber security operations at the Center for Internet Security.
She outlined steps state governments can take to reduce their risks.
"Everybody has good passwords, strong passwords, but the one thing we missed in our policies was telling people don't use the password outside the organization," Iwan said. If any number of an employees' personal accounts are compromised, so to could his access to the state network if they all have the same password.
There are also growing security concerns about risks associated with the "bring your own device" movement, as well as with cloud computing.
