Cyberattacks are becoming more common in government agencies. These agencies are being targeted for cyberattacks. We will be summarizing some of their best practices and highlighting some of the potential consequences of having vulnerabilities. In recent years, our elections systems have been a major focus. We are taking the lessons learned from that area and applying them to the government’s IT infrastructure. This should be the reference architecture for all government entities and departments, including Security Officers and CIOs.
Learn how to do more in government with less.
The Scenario
The world of today is vastly different from the world five years ago. Ransomware attacks were once a major topic. They are now commonplace. Cybercriminals have always targeted large businesses. Every day we hear of new attacks on a state, county, or city government entity.
“Island-hopping” attacks are becoming more frequent. This means that attacks are becoming more difficult to stop and are affecting suppliers and customers.
At an alarming rate, newer, more sophisticated cyberattacks are bypassing signature-based antivirus solutions. More than 60% are not malware-based. Malware is now more sophisticated than ever, and phishing attacks that were once laughably obvious by incorrect graphics and misspellings are now very convincing.
Recent months have seen a number of high-profile attacks on major U.S. cities. These attacks include ransomware variants as well as permanent data loss. The damage has reached into the millions of dollars. These attacks are still being felt in some cities, and the lessons learned are very important.
An attack can be introduced via spear phishing emails. This email is often opened by city employees, which exposes the entire infrastructure to attack. Ransomware can encrypt all city data and workstations as well as the dispatch systems for first responders. In December 2019, ransomware attacked the City of Pensacola in Florida. The Maze ransomware was used. The hackers threatened to release data if $1M was not paid. They did release a small amount of the data to prove their claim. This was especially devastating because it happened days after a shooting at the nearby Naval Base. Experts estimate that the recovery process from this hack could take anywhere from six months to one year. We don’t know if the hacker paid the city, but we do know that they paid $140K to the consulting firm to fix the problem.
New Orleans, Galt, CA, near Sacramento, and St Lucie in Florida are some of the other cities that were hit by the December attacks. All attacks can be costly in terms productivity, image and privacy. The “new” thing is that attackers are often taking advantage of smaller, less vulnerable entities. We continue to see new attacks against state, county, and local governments. This highlights the need for greater cybersecurity awareness and protection.
Government Agencies are Highly At Risk
Many businesses and retailers realized the dangers of security breaches after the Target attack in 2013. They implemented more sophisticated security measures to prevent attackers. Many times, the government did not follow suit. They were often hindered by limited budgets or a shortage of security personnel.
Here are some data to consider:
The International City/County Management Association, also known as ICMA, released results from a 2018 survey. They found that the following were the most significant barriers to cybersecurity implementation in their area:
58% cited inability to pay cybersecurity personnel competitive salaries53% cited insufficient cybersecurity staff46.5% cited a shortage of qualified cybersecurity personnel52.3% cited a dearth of funds for cybersecurity
Additionally, more than half of respondents had never received cybersecurity training for their employees.
Many government agencies are rapidly adding Internet-connected services to their technology, often without securing the new technology. This creates new attack surfaces for cyber criminals as well as nefarious national-state actors. The increased threat of attack is made worse by the fact that organized crime groups are using the dark web to help them.
Cyber Security is Critical to Government
This is alarming when you consider all the vulnerabilities in government and the potential consequences for the public. These are just a few of the ways criminals and terrorists can use cyberattacks to attack others.
Critical safety interruptions at municipal airports can cause chaos and allow hackers to cause chaos in new forms of warfare. One such case involved the deletion of a patient allergy from a chart, and the patient died on the operating table.Prison inmate data could be hacked and/or changed.911 systems could be brought down during major emergencies.Government contract award data could be compromised.Key governmental communications could be altered or changed.Sealed juvenile arrest records could be reached and exposed, or altered and exposed.DMV records could be altered, u