https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources
    • Back
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Subscribe to GovPro
    • Manage GovPro Subscription
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
acc.com

Smart Cities & Technology


Thanks to Shahadat Rahman for sharing their work on Unsplash.

Article

Risk beyond ransomware: Three steps to improving your cybersecurity

Risk beyond ransomware: Three steps to improving your cybersecurity

Untold numbers of state and local governments have been hit with ransomware attacks. Here's how you can protect yourself.
  • Written by Evan Francen
  • 8th July 2020

Ransomware attacks increased 65 percent increase between 2018 and 2019.

The bad actors in this situation are business people who are attacking using campaigns like a sophisticated marketer: with catchy subject lines, smart keyword analysis and even compelling calls to action. They prey upon topical issues – such as the current Novel Coronavirus-19 pandemic – to take advantage of our fears, uncertainties and doubts. But, unlike COVID-19, there is nothing novel about their attack tactics. They use the same approaches that they have for decades for one simple reason: because they work.

Today’s environment is a perfect storm for attackers. Our teams are scared, tired and overwhelmed, leading them to be more distracted than usual. This includes all our IT and cybersecurity teams too. We’re not in our normal office environment where we can more readily watch systems for nefarious traffic.

Following are three approaches to help manage cyber risks.

#1 Back to Basics

Step 1: Slow down, give yourself time to think. Believe it or not, that urgent email can wait a second or two while you process what it says. Try to simplify and focus. Remember this: complexity is the enemy of information security.

Step 2: Understand risk. You cannot understand risk unless you assess it. Every good information security program starts with a good risk assessment. This is true in the private sector, and it’s critical in the public sector where budgets are tighter and the political stakes are higher.

Remember, information security or cybersecurity is risk management. Without proper risk assessments, you can’t manage risk, much less prioritize tasks and justify budgets.

A simple example. Should you shore up your back up strategy before you mature your vulnerability  management program (patches and configurations)? Do you patch before you reconfigure your firewall? A risk assessment will identify the need for this and help you prioritize where you spend your next cybersecurity dollar.

#2 Put Your Business Hat On

It’s time to ask if politics should play a role in information security. The government organizations who show the most success in cybersecurity are those who approach the discipline more like a business issue and less like a government (or political) one. By approaching cybersecurity with our business hats on, we can make smarter decisions with our budget and make prioritized choices about what to purchase and deploy and what processes are going to give the greatest cybersecurity benefit.

Healthcare entities that were early to approach their work from a business standpoint are a good example. In the early 2000s healthcare organizations were losing significant amounts of money in part due to inefficiencies in care delivery. Some, like St. Joseph Health Center in St. Louis, looked to business practices refined in the 1980s to improve quality and productivity while enhancing patient care, reducing medication errors and infection rates.

Approaching cybersecurity in city and county governments is no different. By taking the best of business and applying those tactics across divisions, you will be able to identify risk and make smart decisions. You will utilize your resources and budgets better, producing better results. Protecting our communities from cyber threats is the point, doing it better is the way.

#3 Manage Third-Party Information Security Risk

If more people understood the significance of third-party information security risk, more people would manage it much better, or at the very least, manage it. The sad fact is most government entities fail to manage third-party information security risk, and of those who do, most do it poorly.

Identifying cyber risk originating from outside or network has gained significant steam in the last two years. According to a 2018 Ponemon survey, companies share confidential information with, on average, 583 third parties. The same report showed that 59 percent of companies reported having experienced a data breach caused by one of their third parties in the past 12 months. Likely the data is worse in state and local governments.

This is very significant in terms of risk. When a breach occurs (remember risk elimination is not possible), how do we justify our failure to account for third-party information security risk?

Just like businesses, state and local governments rely on third parties to perform certain activities or services on their behalf. Use third-party support for compliance efforts, voter registration, processing payments, handling property titles, and hundreds of other things. Third parties are being used to manage and utilize sensitive citizen data in more ways than most people realize. The only way to ensure third-party risks don’t unnecessarily put citizens at risk is to turn to risk assessments to help identify the holes.

It’s easy to get overwhelmed when considering how to manage cyber risk within a state or local government, particularly knowing that COVID-19 related threats will plague us for a long time. The good news is that many of entities, in the shadow of the 2019 ransomware attacks, put plans in place to protect our organizations that are relevant and applicable today and well into the future.

Remember,  complexity is the enemy of cybersecurity, so before you start investing dollars and resources into shiny new cybersecurity programs, hit pause. Think like a businessperson, invest in thorough and continual risk assessments to help you build a solid plan to guide your efforts, and get those third-party risks under control.

Evan Francen is the CEO of SecurityStudio has extensive experience designing solutions for complex information security problems and is well-versed in governmental and industry-specific frameworks, regulations, standards and guidelines including NIST CSF, ISO/IEC 27000, FISMA, HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT. He is the chief designer of FISASCORE, the information security language spoken by more than 1,500 companies in the United States.

Tags: Cybersecurity ransomware News Smart Cities & Technology News Smart Cities & Technology Article

Related


  • A video surveillance camera and sign warning about CCTV being in operation
    All activities monitored: The 10 most surveilled major cities in the U.S.
    Public close-circuit television (CCTV) cameras, or public video surveillance camera, hold multiple benefits for cities. They can help reduce crimes around public areas, buildings and roads, and with the increasing deployment of smart sensors and 5G, these cameras will be able to utilize the Internet of Things (IoT) to accomplish much more in the future. […]
  • A street in Denver
    Denver anticipates autonomous vehicles with cross-agency, cross-sector collaborative planning
    Without early planning by regulators, autonomous vehicles (AVs) have the potential to fail on their promises of safer and more convenient travel. Before and even during the pandemic, which has understandably shifted priorities of local and state officials, leaders in AV policy development are nonetheless thinking about and producing plans to deal with hundreds of […]
  • Revenue and zoning evolution prepares Seattle for an autonomous vehicle future
    Although autonomous vehicles (AVs) are not fully ready for deployment, history provides strong incentive to begin planning for its implementation now. In the early 20th century, the growth of the automobile erupted faster than regulators could have imagined with far-reaching consequences. Although cars eventually helped fulfill promises of economic growth, middle-class jobs, and on-demand mobility, […]
  • A street in Los Angeles
    Los Angeles infrastructure inventory anticipates future autonomous vehicle policy
    With respect to autonomous vehicles (AVs), city and state regulators are eventually going to confront hundreds of interrelated policy and economic issues in order to adequately prepare their roads and populations for safe, fair, and effective use. During the pandemic, city budgets have become strained, and regulators understandably have important and pressing financial burdens such […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • How local governments can combat the affordable housing crisis
  • How cities are reclaiming street parking spaces for public use
  • Grand Rapids offers free Wi-Fi access to the public in 10 parks
  • Kentucky county invests over $13 million in building innovative public fiber network

White papers


How-to Tips to Prepare for Your Summer Construction Projects

5th April 2021

How to Procure an eProcurement System that Generates More Value from Your Budget

1st April 2021

The Technology Solutions Vital to Clerk Productivity in Our Post-Pandemic Communities

18th March 2021
view all

Events


PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

Twitter


AmerCityCounty

Bridging the digital divide: Three questions community leaders should consider dlvr.it/Rxlth0

15th April 2021
AmerCityCounty

Procurement department puts post-pandemic work plan in place to ensure continued productivity dlvr.it/RxgxjN

14th April 2021
AmerCityCounty

Georgia city moves to automated trash collection dlvr.it/RxX5Rl

12th April 2021
AmerCityCounty

The Community Game Changer: Library Outsourcing dlvr.it/RxLd6r

9th April 2021
AmerCityCounty

Cooperative contracts can be an entryway for small and diverse companies to successfully compete for government sal… twitter.com/i/web/status/1…

9th April 2021
AmerCityCounty

Electric slide: Mayors form collaborative organization to purchase electric vehicles for cities dlvr.it/RxGsHY

8th April 2021
AmerCityCounty

Celebrating the unsung heroes of the COVID-19 pandemic: Procurement professionals dlvr.it/RxGsG2

8th April 2021
AmerCityCounty

Expanding opportunities: Nebraska’s bold procurement Concierge Program dlvr.it/RxGpyr

8th April 2021

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X