https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Commentaries


Protecting your state and local government against ransomware attacks

Protecting your state and local government against ransomware attacks

  • Written by Callie Guenther
  • 18th September 2019

Security researchers have repeatedly warned the public sector about their data vulnerabilities. Yet they continue to get hammered by cyberattacks launched by hackers demanding ransom for their hijacked systems. A few recent attacks making headlines: Lake City, Fla., a community of about 12,000 people, paid roughly $462,000 in bitcoins following a ransomware attack. This follows up well-publicized attacks of the city of Baltimore, which has been repeatedly victimized within the past year by ransomware attackers losing roughly $18 million in IT costs and lost revenue, or officials of Riviera Beach, Fla., who paid $600,000 in ransom to hackers who crippled their computer systems.

Think these are isolated cases? Think again. Ransomware attacks are a growing problem only expected to get worse.

Ransomware attacks occur daily, as attackers find vulnerabilities in government systems, usually by sending malicious email attachments. Armed with these cyberweapons, attackers lock up valuable data and demand payments in return for decryption keys. Given the relative ease to compromise systems and knowing how desperate entities are to get their data back, hackers today are commanding increasingly higher ransom price tags. While the Federal Bureau of Investigation (FBI) urges organizations not to pay ransom, many feel they have no alternative. Yet 40 percent of victims who paid ransom didn’t get their data back, according to a 2018 global survey by CyberEdge, meaning proactive network protection takes even greater priority.

What makes state and local governments so vulnerable? Outdated security systems, legacy equipment and insufficient data backup are common culprits, as well as a cybersecurity talent shortage, which is impacting both public and private sectors. Despite these challenges, understanding current threats is critical in defending your network. Here are some keys in determining whether your organization is at risk, and how to prevent an attack.

  • Conduct a cybersecurity risk assessment. Risk assessments provide a thorough threat analysis to determine where the most impactful avenues of attack might be and tests for specific vulnerabilities in those priority areas. Assess your organization’s ability to prevent initial compromise of malware, stop lateral movement, detect infections, and respond to malware threats.
  • Perform a perimeter penetration assessment. What does a breach look like? Test to determine specific threat scenarios and threat actors that can impact your organization to determine how far a malicious actor can go. Restricting lateral movement is critical to your cybersecurity strategy.
  • Develop a remediation roadmap to outline the top objectives from your security assessment. Your plan should strengthen your security posture to include clearly identified steps to achieve specific objectives in key areas. These areas may include general security controls and policy review, network security controls, Windows platform assessments, privileged account access, vulnerability management processes, management of mobile devices, investigation, blocking, and response capabilities, and user awareness training.
  • If you have security tools in place, evaluate the effectiveness of those products and make sure they work well together.
  • Assess your security tool inventory to identify redundant or unused products, evaluate security architecture to understand proper product placement in the organization, and identify pain points with current security products. In addition, conduct a cost analysis of your security product inventory to ensure you are getting what paid for.

Ransomware attacks are not going away. Taking proactive steps can help stave off an attack, protecting your vital data in the process, and potentially saving your organization millions of dollars.

 

Callie Guenther is a CyberSOC Data Scientist at Critical Start, a provider of Managed Detection and Response (MDR) services. Callie’s expertise in the application of data science to the cybersecurity space has helped government agencies, non-profit organizations, and the private sector prepare against cyber attacks.

 

Tags: Smart Cities & Technology Commentaries

Most Recent


  • As ransomware threat increases, a shift in minimum cyber insurance standards is hardening digital defenses
    In the last decade, the threat of ransomware and other cyberactivity has increased dramatically—more than ever, targeted organizations are paying the criminal perpetrators to have their information restored.  “Over the last year there has been an almost threefold increase in the proportion of victims paying ransoms of $1 million or more: up from 4 percent in 2020 […]
  • EV chargers
    Cities steadily adding more EV chargers for public to use
    Local governments are making headway as they develop their electric vehicle (EV) infrastructure. “Progress varies depending on what stage governments are at in the electrification strategy and funding availability,” says Brandon Branham, assistant city manager and chief technology officer for Peachtree Corners, Ga., which is part of the Atlanta metro. Its 2022 population is estimated […]
  • infrastructure
    The road to America’s infrastructure overhaul is paved in technology
    When it comes to infrastructure construction and maintenance, the road we took to get here will not lead us where we need to go tomorrow. An influx of government funding including the Bipartisan Infrastructure Law, American Rescue Plan Act (ARPA) and various coronavirus recovery programs provides a generational opportunity to invest in roads, bridges, airports […]
  • EV infrastructure
    Considerations for building an equitable, profitable and reliable EV infrastructure
    Electric vehicles (EV) are the way of the future. The Biden administration has set lofty goals to make 50 percent of all new cars sales in the U.S. zero-emissions vehicles by 2030. To make this goal a reality, we must first build out our nation’s EV charging infrastructure to be both stable and functional. Expanding […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • North Texas alliance partners with Marketplace.city on smart government solutions
  • Harris County deploys next-generation security in 150 public buildings
  • Prioritizing rapid restore leads to stronger ransomware attack recovery
  • Today’s infrastructure needs greater than roads and bridges - It’s time to face our digital connectiveness

Twitter


AmerCityCounty

Report: Nearly 95 percent of America’s mayors face harassment, threats and violence dlvr.it/SQTn2z

16th May 2022
AmerCityCounty

The PIO’s Ultimate Guide to Social Media dlvr.it/SQTdCK

16th May 2022
AmerCityCounty

Gain Greater Visibility Into Your Public Works Fleet dlvr.it/SQSqXG

16th May 2022
AmerCityCounty

Report: Almost half of public sector retirees don’t touch their retirement plans for a decade dlvr.it/SQKMjp

13th May 2022
AmerCityCounty

Four steps to ensure your budget prioritizes equity dlvr.it/SQJgZz

13th May 2022
AmerCityCounty

Victims of Surfside condo collapse settle for nearly $1B in class action lawsuit dlvr.it/SQJffb

13th May 2022
AmerCityCounty

Impact investing merges making money with making a social impact dlvr.it/SQGBgv

12th May 2022
AmerCityCounty

Amazon Business caters to the public sector with technology-driven features and benefits dlvr.it/SQF2Gm

12th May 2022

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X