Local government cyber security is facing a serious epidemic that threatens to drain funds, upend budgetary assumptions and leave communities without the services they have come to rely on. This epidemic is none other than cyber crime and the problem is growing worse with each passing year.
As the private industry beefs up its cyber defenses and employees become more cautious about clicking links and answering unsolicited phone calls, hackers have changed their tactics and targeted a new class of victims – local government.
The statistics speak for themselves.
Cyber Security Statistics for 2020
Unfortunately, government agencies are now the most frequently targeted organizations, suffering more than 15% of all cyber-attacks in 2020. Cyber criminals know that a successful cyber-attack on a local government will have an outsized impact, and that can increase the odds of a payout.
For example, when the city of Atlanta was targeted with a ransomware attack, millions of ordinary citizens were impacted for weeks while employees and IT experts struggled to bring their systems back online.
Ransomware in particular is an insidious problem and infections are spreading rapidly. In 2020 alone there has been a nearly 50% increase in the number of ransomware variants in the wild, making it difficult for non-IT experts to protect themselves and their systems.
Aside from political upheaval and a global health crisis, 2020 also ushered in a new age of ransomware attacks aimed specifically at municipal governments already struggling under the weight of the COVID-19 pandemic.
Cyber Threats: Obstacles Local Government Organizations Face
Cyber criminals are well aware that local government organizations often lack the resources to fully protect themselves from known and emerging threats.
Some of the challenges municipal organizations face include:
- Limited budgets and lack of funding: Local governments often lack the resources for a robust cyber defense which leaves them vulnerable to hacking and ransomware attacks.
- Lack of IT expertise: Few local governments have dedicated IT staff in place to resolve vulnerabilities or offer security recommendations.
- Insufficient cyber awareness: Municipal staff are skilled at what they do, but similar to the private sector, employees lack the training, knowledge and awareness to distinguish legitimate emails from phishing attempts.
Maintaining Personally Identifiable Information (PII) Compliance
While it is important for local governments to prevent losses, PII compliance is also a consideration.
- Municipalities can be held liable when someone within their organization becomes aware of an issue and the organization fails to take action.
- For local governments that accept credit card payments, PCI compliance is vital. Many municipalities fail to comply because they are unaware of how this type of compliance works and why it is so important.
- Using a free email service like Hotmail or Gmail can put local governments at risk. If these email systems must be used, proper tracking technology is essential. Every piece of email that flows through the municipal system, no matter what the platform, must be carefully tracked and archived.
- Care must be taken when publishing agendas, meeting minutes, resolutions and other information online so this information is freely available and accessible to the public.
The 3 Most Common Ransomware Attacks
The details surrounding cyber-attacks vary greatly which makes prevention particularly difficult since the game is always changing. Three of the most common ransomware to watch out for are Ryuk, CryptoLocker and Cryptowall.
Should You Pay the Ransom?
With any luck, your municipality will never suffer a ransomware attack, but if you do, like so many others, you’ll find yourself with an important decision to make.
Should you pay the ransom, or should you refuse the extortion attempt and work to rebuild your systems from backups and other available resources?
At first, paying the ransom may seem to be the path of least resistance, but there is no guarantee that payment will end your problems, or even get your files back. You are dealing with criminals after all.
Some hackers will destroy your data just because they can, even if the ransom is paid. Even if you do pay and get the decryption key, the attackers might only give you 80% of your data back – or perhaps nothing at all.
But consider this: paying the ransom may actually harm you more in the long run.
When you pay the ransom and get the decryption key, that key could actually contain a beacon that leaves what hackers call ‘breadcrumbs’.
These breadcrumbs identify you as a ‘known payer’ and basically flag you as an organization that is likely to pay the ransom a second time. Before you know it, a few months down the road they send out another piece of malware that searches for the beacon and they target you all over again.
Does Cyber Liability Insurance Help?
Even if you have cyber liability insurance, paying the ransom and filing a claim will drive up your premiums and hurt your budget in the process.
If you want to protect yourself and your citizens, we encourage you to contact Ontech Systems to assess your vulnerabilities and take appropriate action.
The Average Financial Loss
The results of cyber-attacks can be devastating for local governments and the communities they serve. A single cyber-attack can disable systems for weeks on end, leaving those who rely on local government services scrambling for assistance in an already trying time.
For local municipalities, the losses can be devastating. In the last few years, the average ransomware payment has nearly doubled, and that trend is only accelerating. Hackers go where the money is, so naturally this has led to a significant increase in ransomware attacks on local governments.
How Local Governments Can Prevent Cyber Attacks
In short, prevention is the key. Recovery from a ransomware attack or cyber breach can take months and cost millions of dollars, and no local government wants to be put in that position.
If you want to protect your local government organization from the growing danger of cyber-attacks, consider these 8 steps to get started.
1) Data Backup: Become Ransomware Proof
One of the best ways to guard against data loss in the event of a ransomware or cyber-attack is by creating a robust data backup plan.
2) Managed Security Services
Consider managed security to reduce risk and uncover potential vulnerabilities before they become serious threats. Ontech Managed Security includes a ransomware guarantee as long the solution is running on your network.
3) Take a Proactive Approach
Take a proactive approach to antivirus protection and systems patching, either through a managed IT service or on a regular basis manually.
Be prepared for future compliance regulations. More compliance is expected to be coming down the pipeline, so taking steps toward securing your network now can ensure you’re protected and not vulnerable to fines or violations down the road.
4) Regular Risk Assessments
5) Clear Separation between Network Components
Confirm there is a clear separation between servers, networks and environments. Separating the various aspects of operations can be critical to mitigating damage should a cyber-attack occur.
6) Cyber Security Basics
Don’t overlook low cost solutions and cyber security basics to avoid potential threats. Some actions, like requiring strong passwords, security awareness training or limiting employee access require little to no investment. Use this cyber security checklist as your guide to protection and compliance.
7) Cyber Liability Insurance
Purchase cyber liability insurance to protect your organization, your employees and the people you serve.
8) HIPAA Compliance (Where Applicable)
If your local organization has a health department, ensure they are HIPAA compliant. HIPAA compliance is a big deal for local governments with dedicated health departments.
More Than Just Monetary Damage
In a growing number of cases, the perpetrators of ransomware attacks are now corrupting databases, erasing critical files and wreaking havoc on municipal networks, all while they await their ransomware payments.
The result is often millions of dollars in financial losses, along with thousands of invaluable, confidential records.
By the time the ransomware payments are received, often in untraceable virtual currencies like Bitcoin, extensive damage has already been done, and some of that damage may be irreversible.
For this reason, we always encourage local governments to take a proactive approach to fighting cybercrime. It is not enough to wait until the demand has been sent; mounting a robust cyber defense now is more important than ever before.
Whether you need assistance evaluating your network or you have questions about local government IT services in general, please feel free to reach out to our support team online or by phone at 262-522-8560.