Ransomware defense for local governments

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Sameer Dixit
 

Connecting state and local government leaders

By Sameer Dixit

|

The combination of a solid backup and disaster recovery plan with an effective vulnerability scanning and data breach emulation strategy will go a long way toward both preventing attacks and recovering from successful attacks.

Cyber attackers often focus on networks and systems that are vulnerable and lack the security resources to mount an effective defense. Recently, hackers have homed in on a new favorite target: government networks. The past few months have seen coordinated attacks on local city and county government offices across Texas and Florida and in Atlanta and New Orleans.

Local governments = prime targets

City and county networks are particularly vulnerable, due to limited budgets and finite cybersecurity resources. Governments simply don’t have the funds to invest in all of the available tools and services, and they may lack the security knowledge and skills to defend against attacks effectively. At the same time, government networks are a treasure trove of valuable personally identifiable information. They generally include information such as names, addresses, birth dates and phone numbers, and sometimes even yield driver’s license or Social Security numbers.

Even if attackers don’t locate juicy information on a local agency or municipal network, those networks are typically trusted by and connected to larger government networks at the state or federal level. If attackers can successfully compromise a system on the local network, they may be able to pivot to other networks. They may also be able to capture user names and passwords -- or obtain these credentials through social engineering -- and elevate local network privileges or log in to related networks.

The problem isn’t just that attackers are able to exploit vulnerabilities to access networks and data -- it’s that they are able to remain undetected for a considerable amount of time. Average dwell time for such attacks -- the time between initial compromise and detection -- is two to three months.

Flying under the radar for maximum effect

Dwell time is crucial. Early ransomware campaigns simply encrypted data on the compromised endpoint. But as long as current backups of crucial systems and sensitive data were available, everything could be restored without having to pay a ransom to decrypt files.

Attackers are aware of the prevailing wisdom advising regular backups. While there are certainly still ransomware variants in circulation that randomly compromise any vulnerable system they can find, attackers are increasingly infiltrating a network and taking their time before actually executing the ransomware. By flying under the radar and remaining undetected for as long as possible, attackers can spend their time conducting reconnaissance inside the network, finding online backups and cloud storage systems they can damage to maximize the attack's impact. By the time the ransomware attack is executed and the attacker’s presence is revealed, backups may have been corrupted or encrypted, and victims are left with little choice but to pay the ransom and hope they can recover their data.

Improving cybersecurity

What can municipal agencies and local government offices do to defend themselves? While there is no such thing as perfect cybersecurity, there are established best practices that will improve the overall security of agency infrastructure and speed recovery from an attack. More importantly, with the right tools and processes, agencies can detect suspicious or malicious activity faster, reducing dwell time and minimizing the damage resulting from a successful compromise.

For one thing, a solid disaster recovery plan is crucial. In the event of a security compromise (or even a technical malfunction or natural catastrophe), it’s important to be able to resume normal operations as quickly as possible. One of the most important elements of disaster recovery, especially given the pervasive threat of ransomware attacks, is to have current backups of critical applications and data, because some recent attacks have included steps to disrupt or eliminate backups. To make sure the backups themselves are not compromised, they should be encrypted.  Recovery backups should be stored offline, in a location where they can’t be accessed or tampered with by attackers and from which IT staff can quickly restore an operational system on a new, bare-metal server.

In addition, although an effective strategy will help agencies recover after an attack, they also have to realize that they have been attacked. Organizations should perform periodic penetration testing, continuously scan and monitor their networks to detect suspicious or malicious activity in real time and exercise a vulnerability scanning or data breach emulation capability to identify weak spots in their security posture before they are exploited.

While some organizations engage third-party penetration testing services or conduct red-team exercises to expose holes in their cybersecurity, those efforts are generally sporadic and infrequent. And cyber attacks don’t adhere to a timeline.  It’s important to be able to automate the process and conduct data breach emulation continuously.

Back to basics

Municipal agencies and local governments are prime targets for cyber attacks, but most don’t have huge IT security teams or massive budgets. It would be impractical to try to do everything, so it’s prudent to ensure that the fundamentals are covered -- the basic tactics that will help defend against or detect most cyber attacks.

The combination of a solid backup and disaster recovery plan with an effective vulnerability scanning and data breach emulation strategy will go a long way toward both preventing attacks and recovering from successful attacks.

With the addition of a  continuous scanning and monitoring capability to detect suspicious or malicious activity quickly, agencies can be confident that their defenses are up.

NEXT STORY: Congress reaches deal for state election security grants

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.