https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources
    • Back
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Subscribe to GovPro
    • Manage GovPro Subscription
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
acc.com

Commentaries


Protecting your state and local government against ransomware attacks

Protecting your state and local government against ransomware attacks

  • Written by Callie Guenther
  • 18th September 2019

Security researchers have repeatedly warned the public sector about their data vulnerabilities. Yet they continue to get hammered by cyberattacks launched by hackers demanding ransom for their hijacked systems. A few recent attacks making headlines: Lake City, Fla., a community of about 12,000 people, paid roughly $462,000 in bitcoins following a ransomware attack. This follows up well-publicized attacks of the city of Baltimore, which has been repeatedly victimized within the past year by ransomware attackers losing roughly $18 million in IT costs and lost revenue, or officials of Riviera Beach, Fla., who paid $600,000 in ransom to hackers who crippled their computer systems.

Think these are isolated cases? Think again. Ransomware attacks are a growing problem only expected to get worse.

Ransomware attacks occur daily, as attackers find vulnerabilities in government systems, usually by sending malicious email attachments. Armed with these cyberweapons, attackers lock up valuable data and demand payments in return for decryption keys. Given the relative ease to compromise systems and knowing how desperate entities are to get their data back, hackers today are commanding increasingly higher ransom price tags. While the Federal Bureau of Investigation (FBI) urges organizations not to pay ransom, many feel they have no alternative. Yet 40 percent of victims who paid ransom didn’t get their data back, according to a 2018 global survey by CyberEdge, meaning proactive network protection takes even greater priority.

What makes state and local governments so vulnerable? Outdated security systems, legacy equipment and insufficient data backup are common culprits, as well as a cybersecurity talent shortage, which is impacting both public and private sectors. Despite these challenges, understanding current threats is critical in defending your network. Here are some keys in determining whether your organization is at risk, and how to prevent an attack.

  • Conduct a cybersecurity risk assessment. Risk assessments provide a thorough threat analysis to determine where the most impactful avenues of attack might be and tests for specific vulnerabilities in those priority areas. Assess your organization’s ability to prevent initial compromise of malware, stop lateral movement, detect infections, and respond to malware threats.
  • Perform a perimeter penetration assessment. What does a breach look like? Test to determine specific threat scenarios and threat actors that can impact your organization to determine how far a malicious actor can go. Restricting lateral movement is critical to your cybersecurity strategy.
  • Develop a remediation roadmap to outline the top objectives from your security assessment. Your plan should strengthen your security posture to include clearly identified steps to achieve specific objectives in key areas. These areas may include general security controls and policy review, network security controls, Windows platform assessments, privileged account access, vulnerability management processes, management of mobile devices, investigation, blocking, and response capabilities, and user awareness training.
  • If you have security tools in place, evaluate the effectiveness of those products and make sure they work well together.
  • Assess your security tool inventory to identify redundant or unused products, evaluate security architecture to understand proper product placement in the organization, and identify pain points with current security products. In addition, conduct a cost analysis of your security product inventory to ensure you are getting what paid for.

Ransomware attacks are not going away. Taking proactive steps can help stave off an attack, protecting your vital data in the process, and potentially saving your organization millions of dollars.

 

Callie Guenther is a CyberSOC Data Scientist at Critical Start, a provider of Managed Detection and Response (MDR) services. Callie’s expertise in the application of data science to the cybersecurity space has helped government agencies, non-profit organizations, and the private sector prepare against cyber attacks.

 

Tags: Smart Cities & Technology Commentaries

Related


  • 2020 Crown Communities winner: El Paso County, Texas’ pretrial justice modernization
    Since 2015, El Paso County, Texas, has undertaken a massive modernization of its pretrial justice programs. This overhaul consists of eight reforms, each of which targets a different part of the pretrial justice system. Not only are the reforms diverse; each one has had a quantifiable impact on El Paso County’s justice system. The county […]
  • 2020 Crown Communities Winner: South Bay Cities Council of Governments' South Bay Fiber Network
    American City & County traditionally awards its Crown Communities Awards to the exemplary projects of municipalities, counties, and subdivisions of local government like precincts or water districts. However, we felt that California joint powers authority South Bay Cities Council of Governments (SBCCOG)’s impressive South Bay Fiber Network (SBFN) — which is benefiting its 16 member […]
  • Updating the assessor report: A new approach
    Ramsey County, Minn.'s new guiding practice is that any dataset available on its open data portal must include a data story
  • 2020 Crown Communities winner: Harris County, Texas, Precinct 2's ACCESS2HEALTH SmartPod
    Precinct 2 of Harris County, Texas, implemented a medical college’s innovative epidemiological technology to bring COVID-19 testing to its vulnerable residents. However, the precinct’s initiative and this technology could influence pandemic response across the country. Of all four precincts in Harris County, Texas, Precinct 2 has the lowest median life expectancy, the highest percentage of […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Buffalo, N.Y.'s 48 hours to navigate a mission-critical transition to remote work
  • Hi-tech sewers can help safeguard public health, environment and economies
  • Three ways the public sector can minimize remote workforce PC refresh headaches
  • Tyler Technologies to acquire NIC

Twitter


AmerCityCounty

Why Tucson is building its own 4G network dlvr.it/RvDxK0

8th March 2021
AmerCityCounty

Key Steps Governments Can Take to Guard Against Malware Attack dlvr.it/RvCr2x

8th March 2021
AmerCityCounty

2020 Crown Communities winner: El Paso County, Texas’ pretrial justice modernization dlvr.it/Rv4GKL

6th March 2021
AmerCityCounty

A city’s innovative downtown master plan sees future in local, inclusive placemaking dlvr.it/Rv3SfM

5th March 2021
AmerCityCounty

2020 Crown Communities winner: Gainesville, Fla. closes Dignity Village and houses its homeless population dlvr.it/Rv1GS2

5th March 2021
AmerCityCounty

2020 Crown Communities Winner: South Bay Cities Council of Governments’ South Bay Fiber Network dlvr.it/Rv10b7

5th March 2021
AmerCityCounty

Senate American Rescue Plan includes more than $60 million in direct aid for counties dlvr.it/RtzvBK

4th March 2021
AmerCityCounty

ASCE releases 2021 Report Card for America’s Infrastructure dlvr.it/Rtvck5

3rd March 2021

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X