While experts generally believe there’s been a steady decline in large-scale ransomware campaigns, ransomware and other social engineering attacks remain a powerful threat to state and local governments.
For instance, the city of Atlanta was recently hit by a massive ransomware attack that disrupted the municipal court and online bill payment systems. Attackers demanded a $51,000 ransom, and city leaders were left scrambling to restore these systems to service.
The Atlanta case isn’t isolated. According to the Privacy Rights Clearinghouse, no fewer than 61 major attacks have been perpetrated against state and local governments since 2016. Attacks included ransomware, theft of personal information, business email compromise and simple hacking.
State and local governments are primary targets for identity theft and ransomware events due to the treasure trove of data available. These data sources often are in great demand by cybercriminals and fetch strong prices from the underground market.
Risk management firm SecurityScorecard evaluated and graded 552 local, state and federal government organizations. When compared to other industries, governmental organizations were among the lowest scorers in security.[1]
State and local government entities often are highly complex and dynamic in structure. Such an organization becomes difficult to protect in terms of risk management, information governance and internal controls. This often chaotic environment creates an ideal situation where cyberthreat actors can operate.
One of the best ways to protect IT systems from social engineering attacks is to develop and implement a robust security awareness and training program that involves all users. Professor Thomas Skill, associate provost and chief information officer at the University of Dayton, recommends creating a “cyber-mindfulness” campaign that effects changes in user behavior. He notes that behaviors change when users are convinced of the risk, believe their actions can have an effect and are frequently reminded to think about cybersecurity.[2]
In addition to making users more aware of cyber risks and committed to practicing good cyber hygiene, there also are technical steps that can be taken to prevent the worst effects of a ransomware attack, including:
- Enabling strong spam filters to prevent phishing emails from reaching end users, and implementing technologies that prevent email spoofing
- Scanning incoming and outgoing emails to detect threats, and blocking executable attachments before they reach end users
- Configuring firewalls to block access to known malicious IP addresses
- Patching operating systems, software and firmware on devices—consider using a centralized patch management system
- Setting anti-virus and anti-malware programs to automatically conduct regular scans
- Configuring access controls, including file, directory and network share permissions with least privilege in mind
- Implementing effective system logging and monitoring tools
- Regularly backing up data and verifying the integrity of those backups by testing the restoration process
- Conducting an annual cybersecurity assessment—with network penetration testing—to identify vulnerabilities
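As an added illustration of the backup-verification step in the list above (example code, not from BKD or the original article), this Python script records a SHA-256 manifest of the live data, performs a test restore into a scratch directory and reports any missing, altered or unexpected files; the directory names and sample files are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(source: Path) -> dict:
    """Map each regular file under `source` (POSIX-style relative path) to its digest."""
    return {p.relative_to(source).as_posix(): sha256_file(p)
            for p in sorted(source.rglob("*")) if p.is_file()}

def verify_restore(backup: Path, manifest: dict) -> dict:
    """Restore `backup` into a scratch directory and compare it with the manifest.
    Returns lists of files that are missing, corrupt (digest mismatch) or extra."""
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restore"
        shutil.copytree(backup, restored)  # stand-in for the real restore job
        found = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(found)),
        "corrupt": sorted(k for k in manifest if k in found and found[k] != manifest[k]),
        "extra": sorted(set(found) - set(manifest)),
    }

def demo() -> tuple:
    """Constructed scenario: a clean backup passes; a backup that ransomware has
    reached (one file encrypted, one deleted) fails with a precise report."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        (live / "records").mkdir(parents=True)
        (live / "records" / "permits.csv").write_text("id,owner\n1,A\n")
        (live / "notes.txt").write_text("court calendar\n")
        manifest = build_manifest(live)
        shutil.copytree(live, backup)
        clean = verify_restore(backup, manifest)
        (backup / "notes.txt").write_bytes(b"\x00encrypted")  # simulated encryption
        (backup / "records" / "permits.csv").unlink()          # simulated deletion
        tampered = verify_restore(backup, manifest)
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

Keep the manifest on separate, write-protected storage from the backup itself; a manifest that sits next to the backup can be altered by the same attacker.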
BKD’s IT Risk Services division is dedicated to helping state and local governments assess their cybersecurity risks, improve their cybersecurity protections and respond to breaches. For additional information, read “Detecting & Mitigating Ransomware Events.”
Contact Jan Hertzberg, Cindy Boyle or BKD Cybersecurity if you have questions.
[1] “2017 US State and Federal Government Cybersecurity Report,” SecurityScorecard, August 24, 2017
[2] “Transforming Your User Community from IT Security Adversaries to Cybermindful Allies: Strategies, Tactics, and Lessons Learned,” EDUCAUSE Annual Conference, November 2, 2017