The city of Atlanta is still feeling the effects of a March ransomware attack that disrupted city government operations for days. News reports indicate that the city has already spent more than $2 million cleaning up from the “SamSam” virus attack, and city officials have estimated that they may need another $10 million over the next year. Perhaps worse, many city departments have lost years’ worth of documents — including the police department, which lost all their “dash cam” video recordings.
The attack highlights a growing trend of threats specifically targeting state and local governments and other public-sector organizations. According to recent research from the Ponemon Institute, public-sector attacks appear to be rising faster than those in the private sector. The research firm estimates that 38 percent of public entities will suffer a ransomware attack this year, up from 31 percent last year and 13 percent in 2016.
Analysts say public-sector organizations are being targeted for a variety of reasons. Chief among these is that these organizations tend to be easy marks because they lack adequate security systems and support and often are running unsupported software on outdated systems. In the case of ransomware attacks, these vulnerabilities may make the targeted organizations more likely to simply pay the ransom rather than risk extended downtime during remediation processes.
High-value data is another reason government agencies and others in the public sector are targeted. Government agencies store information not only for the people they employ and serve but also for a huge number of businesses that do contract work. Some analysts say criminals also see the public sector as an excellent source of personal wage and tax data that can be used to commit tax fraud and divert tax rebates.
The National Cybersecurity and Communications Integration Center (NCCIC) recommends the following precautions for organizations that serve the public:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the targets of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep it on a separate device and store it offline.
- Restrict users’ permissions to install and run software, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its ability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching end users, and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats, and filter executable files so they do not reach end users.
- Configure firewalls to block access to known malicious IP addresses.
Recent attacks reinforce the need for improved cybersecurity in the public sector. However, this often becomes a back-burner issue for IT staff with overwhelming day-to-day responsibilities, limited budgets and scarce resources. This is why many organizations are turning to managed services providers to boost their security posture.
Verteks helps customers defend against increasingly sophisticated threats with a comprehensive security approach that includes real-time, layered protection. Best of all, our managed approach relieves cash-strapped municipalities and agencies from having to invest heavily in dedicated security staff. Contact us for an assessment of your current security posture and suggestions for boosting your protection.