Why U.S. cities are a key target for cyber attacks
Connecting state and local government leaders
As easy targets with high value, cities often fall victim to phishing attacks launched from common applications, such as Acrobat Reader, Microsoft Word and Chrome.
In March 2018, we all followed the massive cyberattack targeting Atlanta, Ga., that stopped city business and ultimately cost the city $2.7 million. Similar attacks cause damage to municipalities around the U.S. all of the time.
As someone who was once a cyber-attacker (I worked for the Israeli cyber unit for several years), I can see why cities are such a good target for attackers. There are two key reasons:
The impact: The potential impact of attacking a city is huge. In addition to the normal “benefits” of getting access to private customer data, credit cards and so on, penetrating a city may give attackers access to sensitive information about residents. Depending on the local-government agency and its IT structure, attackers can access and impact a variety of systems, beyond just databases with customer/resident information. In short, the value of penetrating a city’s network has the potential to reveal a virtual “pot of gold,” providing a great deal of access and information in one breach -- a much higher return on investment than penetrating a commercial organization.
The ease of penetration: Generally speaking, cities are vulnerable. Their size, organizational structure, public-sector bureaucracy and the fact that they communicate with a wide variety of organizations and individuals make them an easy target. Many U.S. cities are comprised of multiple departments and units, using different technological platforms and various policies and processes. This setup often makes it difficult for the security team to manage and protect each and every end point in the organization. Moreover, it’s becoming more common for cities to use vulnerable systems while they prep security patches and updates. The combination of the time it takes security vendors to release those patches and cities’ inherent bureaucracy leads to slower deployment of such updates. In addition, some cities use legacy systems that are not as secure as newer, more modern systems or do not integrate with innovative security solutions.
The bottom line is that cities offer a great opportunity for attackers, who look for easy targets with high value. With that in mind, it is no surprise that most of the top 25 U.S. cities have cyber-insurance or are looking to buy a policy, according to The Wall Street Journal.
As co-founder and the CTO of a company that provides solutions that protect cities from advanced threats delivered via email and other digital communication channels, I see how critical it is for municipalities to understand the risk and be keen to defend their assets. One of their most significant needs is to protect their organizations from advanced threats -- attacks that typically go under the radar of current security solutions such as secure email gateways or sandboxes.
The problem lies in the fact that almost all current security solutions are reactive, adjusting their defenses based on attacks they have seen in the past. The reality of the cyber world is that new attacks are emerging on a daily basis, making it harder for vendors to keep up to date in protecting from the newest attackers’ tricks.
Agencies need an approach that doesn't rely on the trends of attacks or even past knowledge about them. The common ground in 90 percent of attacks is that they are opened in third-party applications that every organization uses, such as Acrobat Reader, Microsoft Word and Chrome.
Rather than rely on updates when new attacks are discovered, agencies should use technologies that look at applications' normal operations at the CPU level and make sure no file or link opened in those applications causes a different flow. This kind of solution is completely attack-agnostic, allowing organizations to detect and block sophisticated attacks that otherwise would go undetected. It also eliminates the need for constant security updates.
We see a growing number of cities that already use or intend to adopt advanced threat protection technologies in the near future. Some leverage their migration to cloud-based email such as Office365 to upgrade their email security with newer, more robust protection, and some do it regardless of their migration to the cloud. Cities should expect this trend to continue as threats become harder to detect, spear-phishing reaches new levels of sophistication and the potential for damage grows every day.