https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
    • Latest videos
    • Product Guides
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
    • Latest videos
    • Product Guides
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE Expo
    • Calendar of Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Commentaries


Protecting your state and local government against ransomware attacks

Protecting your state and local government against ransomware attacks

  • Written by Callie Guenther
  • 18th September 2019

Security researchers have repeatedly warned the public sector about their data vulnerabilities. Yet they continue to get hammered by cyberattacks launched by hackers demanding ransom for their hijacked systems. A few recent attacks making headlines: Lake City, Fla., a community of about 12,000 people, paid roughly $462,000 in bitcoins following a ransomware attack. This follows up well-publicized attacks of the city of Baltimore, which has been repeatedly victimized within the past year by ransomware attackers losing roughly $18 million in IT costs and lost revenue, or officials of Riviera Beach, Fla., who paid $600,000 in ransom to hackers who crippled their computer systems.

Think these are isolated cases? Think again. Ransomware attacks are a growing problem only expected to get worse.

Ransomware attacks occur daily, as attackers find vulnerabilities in government systems, usually by sending malicious email attachments. Armed with these cyberweapons, attackers lock up valuable data and demand payments in return for decryption keys. Given the relative ease to compromise systems and knowing how desperate entities are to get their data back, hackers today are commanding increasingly higher ransom price tags. While the Federal Bureau of Investigation (FBI) urges organizations not to pay ransom, many feel they have no alternative. Yet 40 percent of victims who paid ransom didn’t get their data back, according to a 2018 global survey by CyberEdge, meaning proactive network protection takes even greater priority.

What makes state and local governments so vulnerable? Outdated security systems, legacy equipment and insufficient data backup are common culprits, as well as a cybersecurity talent shortage, which is impacting both public and private sectors. Despite these challenges, understanding current threats is critical in defending your network. Here are some keys in determining whether your organization is at risk, and how to prevent an attack.

  • Conduct a cybersecurity risk assessment. Risk assessments provide a thorough threat analysis to determine where the most impactful avenues of attack might be and tests for specific vulnerabilities in those priority areas. Assess your organization’s ability to prevent initial compromise of malware, stop lateral movement, detect infections, and respond to malware threats.
  • Perform a perimeter penetration assessment. What does a breach look like? Test to determine specific threat scenarios and threat actors that can impact your organization to determine how far a malicious actor can go. Restricting lateral movement is critical to your cybersecurity strategy.
  • Develop a remediation roadmap to outline the top objectives from your security assessment. Your plan should strengthen your security posture to include clearly identified steps to achieve specific objectives in key areas. These areas may include general security controls and policy review, network security controls, Windows platform assessments, privileged account access, vulnerability management processes, management of mobile devices, investigation, blocking, and response capabilities, and user awareness training.
  • If you have security tools in place, evaluate the effectiveness of those products and make sure they work well together.
  • Assess your security tool inventory to identify redundant or unused products, evaluate security architecture to understand proper product placement in the organization, and identify pain points with current security products. In addition, conduct a cost analysis of your security product inventory to ensure you are getting what paid for.

Ransomware attacks are not going away. Taking proactive steps can help stave off an attack, protecting your vital data in the process, and potentially saving your organization millions of dollars.

 

Callie Guenther is a CyberSOC Data Scientist at Critical Start, a provider of Managed Detection and Response (MDR) services. Callie’s expertise in the application of data science to the cybersecurity space has helped government agencies, non-profit organizations, and the private sector prepare against cyber attacks.

 

Tags: Smart Cities & Technology Commentaries

Most Recent


  • Report: Local cybersecurity programs are facing headwinds as threats, technologies evolve
    The evolving technological landscape isn’t just changing the nation’s social and economic norms, it’s also pushing local governments to adapt. A new analysis from the Public Technology Institute provides a snapshot of the challenges local cybersecurity programs are facing, and the priorities of city and county administrators as they guide organizations through an unprecedented era […]
  • CISA publishes AI roadmap to support security, competitiveness of American cities and counties
    The advent of artificial intelligence poses technical, ethical, political and security challenges for American local governments of all sizes. As AI becomes more prevalent and pervasive with each year that passes, the federal government is taking proactive steps now to avert future crises. A key part of that initiative is a new plan called the […]
  • technology
    The correlation between trust, transparency and technology with residents and their local governments
    Today, residents benchmark interactions with their local government against the experiences they have with consumer-facing brands. Digital self-service, immersive engagement experiences and streamlined communication are all on the table as municipalities seek to enhance civic engagement and foster trust with residents. Due to these evolving preferences and growing demands, local governments must look for ways […]
  • Report: Mayors are interested in generative AI, but adoption rates remain low
    There’s been a lot of focus in recent months on artificial intelligence (AI) and its many possible applications, from self-driving cars to manufacturing efficiencies. City administrators are likewise exploring the ways AI can improve the quality of life and safety of their constituents, and the effectiveness of public services.  New research from Bloomberg Philanthropies in […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • North Texas alliance partners with Marketplace.city on smart government solutions
  • Harris County deploys next-generation security in 150 public buildings
  • Prioritizing rapid restore leads to stronger ransomware attack recovery
  • Today’s infrastructure needs greater than roads and bridges - It’s time to face our digital connectiveness

WHITE PAPERS


The Four Key Components of Successful Digital Transformation

22nd November 2023

Navigating Today’s Greatest Workplace Challenges

3rd October 2023

7 Resources to Level-up Your Federal Grants Administration and Compliance

5th September 2023
view all

Webinars


Grant Preparedness: Unlocking Funding Opportunities for Your Success

10th August 2023

2023 State of Public Sourcing: Taking Local Governments into a Bright Future

1st August 2023

Stop Playing with Fire: How to Manage Infrastructure Asset Risk So You Know You’re Covered

20th June 2023
view all

Podcast


Podcast: Disaster Management Symposium preview

13th October 2023

Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020
view all

GALLERIES


Gallery: Top 10 domestic city travel destinations this Thanksgiving season

22nd November 2023

Gallery: 10 American cities that have seen substantial population growth in the last five years

6th November 2023

Gallery: 10 of America’s greenest large cities

24th October 2023
view all

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.