Why Municipals Need Better Security Measures in Place Today
Information management across municipal government has come a long way since forty years ago when all data was handwritten on forms and filed away in metal cabinets!
Although improvements in technology have resulted in cost efficiencies and made it easier than ever to offer a range of services to citizens, this has come at a price. Cybercriminals are using this opportunity to exploit weaknesses in security policies and either make money from organizations through ransomware or severely disrupt operations.
In this article, we will look at why criminals find the municipal government sector so enticing, and what government organizations can do to protect themselves against attacks.
What is ransomware?
Ransomware is a subset of malicious software (also known as ‘malware’) that when activated, encrypts files on a computer or server, restricting access to the information in those files. The attacker then demands money in order to restore access.
The fee that needs to be paid varies from attack to attack and can be anything from a few hundred dollars to a seven-figure sum. 98% of ransomware attacks request payment by Bitcoin.
Paying the ransom does not always guarantee access to data. In fact, less than half of those who pay the criminals get their information back. Some criminals instigate ransomware attacks knowing full well that they will not be able to restore files back to their original state.
There are different ways that ransomware can get onto a computer, with the most common method being through a phishing email. An unsuspecting user will click on a document in an email, installing the ransomware onto their computer. Hackers can also compromise a website with malicious code, scanning a visitor’s system for any potential vulnerabilities and injecting the software.
You may think that ransomware is a new development, however did you know that the concept is actually over thirty years old?
The first reported case was a floppy disk that came with a computer magazine in 1989. Users thought they were accessing a quiz. However, when they opened the file, it encrypted the root directory of their computer and told users to post $189 to an address in Panama to put it right. The doctor behind the scam claimed that he was going to use the money to fund research into AIDS and HIV.
Examples of ransomware in action
It’s estimated that last year 174 ransomware attacks took place against government bodies, with many more unsuccessful ones attempted.
Here are some examples of cyberattacks that have recently happened across the country:
- A Florida county’s election office was affected in 2016, weeks before the presidential election. The attack only came to light in 2020. Five other government networks in Florida were affected in 2019, as well as a County Sheriff’s office
- In 2018, Atlanta suffered a massive ransomware attack, with cyber criminals demanding $51,000 to return data safely. City officials ended up having to fill forms in by hand during this time, and it is estimated that nearly $3 million was spent trying to recover services
- A ransomware attack brought down systems managed by the Louisiana State Government in 2019, with a state of emergency declared. Interestingly Louisiana is one of a handful of states with procedures in place for dealing with cyberattacks, with the Louisiana Cybersecurity Commission established in 2017
- In the summer of 2019, 23 local Texas governments were compromised by the Sodinokibi ransomware virus
Should government organizations pay the ransom?
Although some government organizations go ahead and pay the ransom, others agree not to. It is estimated that about 58% of affected organizations pay the cybercriminals.
As mentioned before, payment is no guarantee that the hackers will return your files. There is also the fear that those who do pay will be put on a ‘easy target list’ and targeted again in the future.
Why do cybercriminals target the municipal government sector?
With so many lucrative targets available, why are hackers so keen to attack municipal organizations? Here are some of the reasons why this is the case.
- As these type of organizations offer critical services to vulnerable people, there is a higher degree of urgency to restore access, especially if lives are potentially at risk
- There are a wide range of access points. The government sector is large and there are a vast selection of endpoints, from the computers in government official’s offices and libraries through to the equipment in police cars. This means more targets to exploit
- Some Government entities find themselves using older technology and systems due to lack of budget, making them more vulnerable to attack
- Similarly, as there is less budget, government organizations can find themselves with smaller, less-experienced IT teams
- This sector holds a lot of data on citizens, including address, date of birth as well as bank and credit card details. This information is hugely lucrative if it falls into the wrong hands and could be sold on the global black market
Due to all of the factors above, cybercriminals can exploit the situation and end up asking government organizations for even more money. In 2019 governments ended up paying ten times more in ransomware demands than their private-sector counterparts.
What can municipal governments do to reduce their risks?
If you are responsible for a government organization or utility company, how can you prevent hackers from holding your data for ransom?
Although it may feel like an impossible challenge, there are several simple steps you can take to protect not only your staff, but the citizens you serve.
- Review your systems architecture: Auditing your existing systems will help you identify potential flaws and how you can fix them to make it harder for cybercriminals to compromise your organization. Preparing for an accreditation like SOC2 or ISO 27001 can allow your IT team to identify weak spots in your systems, as well as provide the citizens you offer services to peace of mind in your processes.
- Hire the right staff: Cybersecurity is a growing industry, and it is essential you get the best talent in your team to protect your systems in case of an emergency. It’s essential to have someone available who can not only identify potential flaws in your systems, but get them fixed too. You need either an individual or team with experience in penetration testing (also known as ‘ethical hacking’) as well as cybersecurity.
- Keep your systems up to date: Your IT team needs to ensure that all of your systems are patched and updated regularly, and that all computers have the latest anti-virus software on them. An updated system will be less vulnerable to attack. All endpoints need to be updated. All it takes is one weak link in the chain to cause a problem. If you allow staff to use their own devices, you need to take this into consideration too.
- Backup your information: Keeping a copy of your most important data available will ensure that if the worse happens, you can keep operating without disruption. Ensure your most critical data is stored in isolation and is not connected to anything externally. This is known as ‘airlocking’ your data and will help keep it secure.
- Have a contingency plan: You’d have a plan in place if there were an earthquake or tornado, so you need to have a plan in place for a cyberattack. Determine all of the details at top level. Who would be involved in putting the issue right? What would you tell the public? How would you ensure essential services could still operate? Test your plan on a regular basis and make changes as appropriate.
- Make all employees aware of the part they play: About 15% of the US population work in national, federal or local government. Even though they don’t all need to know how to avert a cyberattack, they do all need to be aware of the risks of one. 95% of cybersecurity breaches happen because of human error, so you need to train and brief all staff on a regular basis. For example, tell them how to identify a suspicious email, how to protect confidential data and how to report something that doesn’t look quite right on their computer.
- INSIST that all of your vendors follow these same principles and that the software and services they provide you are not the source of vulnerabilities.
In summary
Unfortunately, cyberattacks are here to stay, and ransomware attacks continue to cause issues across the whole of the US, as well as the world.
Even with the pandemic, cases of ransomware in 2020 have increased. This is because of government employees working from home and being more vulnerable to security issues as a result.
It is vital that all levels of government, including utilities, not only proactively prepare against any attacks, but know how to react in a worst-case scenario.
Sources:
- https://www2.deloitte.com/uk/en/insights/industry/public-sector/government-ransomware-attacks.html
- https://www.zdnet.com/article/why-are-governments-so-vulnerable-to-ransomware-attacks/
- https://www.infosecurity-magazine.com/news/local-government-targeted/
- https://www.darkreading.com/attacks-breaches/ransomware-increasingly-targeting-small-governments/d/d-id/1337297
- https://www.thinkdigitalpartners.com/news/2020/08/28/local-governments-biggest-target-of-ransomware-attacks-in-2020/
- https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2019-the-year-ransomware-targeted-state–local-governments.html
- https://www.itproportal.com/features/ransomware-local-government-in-the-firing-line/
- https://www.nextgov.com/cybersecurity/2020/08/ransomware-attacks-demanding-larger-payouts-local-governments/168065/
- https://us.norton.com/internetsecurity-emerging-threats-ransomware-attacks-targeting-governments.html
- https://thehill.com/opinion/cybersecurity/477654-ransomware-time-for-the-government-to-act
- https://www.msspalert.com/cybersecurity-research/municipality-ransomware-attacks-2019/