https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
    • Latest videos
    • Product Guides
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
    • Latest videos
    • Product Guides
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Smart Cities & Technology


Thanks to Shahadat Rahman for sharing their work on Unsplash.

Article

Risk beyond ransomware: Three steps to improving your cybersecurity

Risk beyond ransomware: Three steps to improving your cybersecurity

Untold numbers of state and local governments have been hit with ransomware attacks. Here's how you can protect yourself.
  • Written by Evan Francen
  • 8th July 2020

Ransomware attacks increased 65 percent increase between 2018 and 2019.

The bad actors in this situation are business people who are attacking using campaigns like a sophisticated marketer: with catchy subject lines, smart keyword analysis and even compelling calls to action. They prey upon topical issues – such as the current Novel Coronavirus-19 pandemic – to take advantage of our fears, uncertainties and doubts. But, unlike COVID-19, there is nothing novel about their attack tactics. They use the same approaches that they have for decades for one simple reason: because they work.

Today’s environment is a perfect storm for attackers. Our teams are scared, tired and overwhelmed, leading them to be more distracted than usual. This includes all our IT and cybersecurity teams too. We’re not in our normal office environment where we can more readily watch systems for nefarious traffic.

Following are three approaches to help manage cyber risks.

#1 Back to Basics

Step 1: Slow down, give yourself time to think. Believe it or not, that urgent email can wait a second or two while you process what it says. Try to simplify and focus. Remember this: complexity is the enemy of information security.

Step 2: Understand risk. You cannot understand risk unless you assess it. Every good information security program starts with a good risk assessment. This is true in the private sector, and it’s critical in the public sector where budgets are tighter and the political stakes are higher.

Remember, information security or cybersecurity is risk management. Without proper risk assessments, you can’t manage risk, much less prioritize tasks and justify budgets.

A simple example. Should you shore up your back up strategy before you mature your vulnerability  management program (patches and configurations)? Do you patch before you reconfigure your firewall? A risk assessment will identify the need for this and help you prioritize where you spend your next cybersecurity dollar.

#2 Put Your Business Hat On

It’s time to ask if politics should play a role in information security. The government organizations who show the most success in cybersecurity are those who approach the discipline more like a business issue and less like a government (or political) one. By approaching cybersecurity with our business hats on, we can make smarter decisions with our budget and make prioritized choices about what to purchase and deploy and what processes are going to give the greatest cybersecurity benefit.

Healthcare entities that were early to approach their work from a business standpoint are a good example. In the early 2000s healthcare organizations were losing significant amounts of money in part due to inefficiencies in care delivery. Some, like St. Joseph Health Center in St. Louis, looked to business practices refined in the 1980s to improve quality and productivity while enhancing patient care, reducing medication errors and infection rates.

Approaching cybersecurity in city and county governments is no different. By taking the best of business and applying those tactics across divisions, you will be able to identify risk and make smart decisions. You will utilize your resources and budgets better, producing better results. Protecting our communities from cyber threats is the point, doing it better is the way.

#3 Manage Third-Party Information Security Risk

If more people understood the significance of third-party information security risk, more people would manage it much better, or at the very least, manage it. The sad fact is most government entities fail to manage third-party information security risk, and of those who do, most do it poorly.

Identifying cyber risk originating from outside or network has gained significant steam in the last two years. According to a 2018 Ponemon survey, companies share confidential information with, on average, 583 third parties. The same report showed that 59 percent of companies reported having experienced a data breach caused by one of their third parties in the past 12 months. Likely the data is worse in state and local governments.

This is very significant in terms of risk. When a breach occurs (remember risk elimination is not possible), how do we justify our failure to account for third-party information security risk?

Just like businesses, state and local governments rely on third parties to perform certain activities or services on their behalf. Use third-party support for compliance efforts, voter registration, processing payments, handling property titles, and hundreds of other things. Third parties are being used to manage and utilize sensitive citizen data in more ways than most people realize. The only way to ensure third-party risks don’t unnecessarily put citizens at risk is to turn to risk assessments to help identify the holes.

It’s easy to get overwhelmed when considering how to manage cyber risk within a state or local government, particularly knowing that COVID-19 related threats will plague us for a long time. The good news is that many of entities, in the shadow of the 2019 ransomware attacks, put plans in place to protect our organizations that are relevant and applicable today and well into the future.

Remember,  complexity is the enemy of cybersecurity, so before you start investing dollars and resources into shiny new cybersecurity programs, hit pause. Think like a businessperson, invest in thorough and continual risk assessments to help you build a solid plan to guide your efforts, and get those third-party risks under control.

Evan Francen is the CEO of SecurityStudio has extensive experience designing solutions for complex information security problems and is well-versed in governmental and industry-specific frameworks, regulations, standards and guidelines including NIST CSF, ISO/IEC 27000, FISMA, HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT. He is the chief designer of FISASCORE, the information security language spoken by more than 1,500 companies in the United States.

Tags: Cybersecurity ransomware News Smart Cities & Technology News Smart Cities & Technology Article

Most Recent


  • Amid spike, federal transportation department launches initiative to curb traffic-related deaths
    While stay-at-home orders might be a thing of the past, the pandemic’s impact is still felt daily through expectations to socially distance, the prevalence of masks in high risk areas like hospitals, and the stubbornly high annual rate of traffic-related deaths. Traffic fatalities hit a 16-year high in 2021, and preliminary data points to a […]
  • Report: Some public employees face financial hardship; comprehensive pay packages proved 'a pathway toward economic security'
    Many who work in public service, in professions that center around helping others, are themselves struggling to make ends meet and face financial hardship. Addressing these needs, the public employers they work for are well positioned to help them out, according to a report published Thursday by the MissionSquare Research Institute, “Examining the Financial Wellbeing […]
  • These 10 American cities are well prepared for a tech-based future
    From smart devices to electric vehicles, the success of technological advancements rely on municipal grids and infrastructure. Some cities are better equipped for the future than others. A new analysis from the tech company ProptechOS ranks the top 10 American cities best positioned for a “smart city future.” “But new technologies can only support us […]
  • public health
    How public health can build a “one health” infrastructure for the future
    Public health challenges—like antibiotic resistance, vector-borne disease and a global pandemic—have eluded traditional public health tools and frameworks. As a result, public health leaders focus more and more on the intersection between the environment and human health. Searching for a better framework to understand emerging threats to human health, many in public health circles have […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • North Texas alliance partners with Marketplace.city on smart government solutions
  • Harris County deploys next-generation security in 150 public buildings
  • Prioritizing rapid restore leads to stronger ransomware attack recovery
  • Today’s infrastructure needs greater than roads and bridges - It’s time to face our digital connectiveness

White papers


Modernizing government services for today’s resident expectations

24th January 2023

Preparing Your Community Now for the Next Generation of Older Adults

18th October 2022

Helping Government Fleets Achieve Their Goals

30th September 2022
view all

Webinars


How To: Evaluate Digital Government Service Delivery Technologies

23rd January 2023

Using Technology to Enhance Communications

29th November 2022

Learn the benefits of transforming and automating your Contract Management process

4th November 2022
view all

PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

GALLERIES


These 10 American cities are well prepared for a tech-based future

1st February 2023

Report: While remote work is causing offices to empty out, walkable cities are still in high demand

26th January 2023

10 American cities with a great downtown

24th January 2023
view all

Twitter


AmerCityCounty

Amid spike, federal transportation department launches initiative to curb traffic-related deaths dlvr.it/Shvs31

3rd February 2023
AmerCityCounty

Engaging businesses to strengthen your community dlvr.it/ShvZn0

3rd February 2023
AmerCityCounty

Report: Some public employees face financial hardship; comprehensive pay packages proved ‘a pathway toward economic… twitter.com/i/web/status/1…

2nd February 2023
AmerCityCounty

Strategic Budgeting for Modern Government dlvr.it/ShrHmD

2nd February 2023
AmerCityCounty

These 10 American cities are well prepared for a tech-based future dlvr.it/Shp7sH

1st February 2023
AmerCityCounty

How public health can build a “one health” infrastructure for the future dlvr.it/ShnlKm

1st February 2023
AmerCityCounty

Four Steps to Better Municipal Fleet Fuel Purchasing dlvr.it/ShnbWP

1st February 2023
AmerCityCounty

Report: With increase popularity of e-bikes and e-scooters, there’s a need for ‘safe and connected infrastructure’ dlvr.it/ShlKmJ

31st January 2023

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.