How To Prevent An Attack & Protect Information Resources
As a precautionary measurefollowing a possible Ryuk ransomware attack on government information infrastructure, the mayor of New Orleans declared a state of emergency. This is one example of many attacks that have taken place over the last year. Municipalities and other forms of government are under constant threat from cybercriminals.Learn how topreventcyberattacks, andsafeguard digital assets for enhanced cybersecurity and risk management.
- At 5:00 am, CST, Friday, December 13, 2019, a ransomware attack took place targeting New Orleans’ state government servers.
- The city government’s cyberattack prevention team did not detect the incident until around 11:00 am, a full six hours after it happened.
- As a precautionary measure, a state of emergency was declared post-incident, due to a possible Ryuk ransomware attack.
- Employees were told to shut down their computers, unplug various network devices, and disconnect from Wi-Fi.
Cyberattacks, especially ransomware attacks on government agencies, have been consistently on the rise ever since the creation of the Internet. Ransomware attacks are no longer carried out on large enterprises. Cybercriminals see a lot of value in the data stored on government information infrastructure, as people use government websites for paying utility bills, accessing their birth certificates, and other personal transactions.
A shutdown of these websites causes panic and inconvenience for the public, and that’s exactly what cybercriminals want. In this article, we’ll discuss the recent attacks on government bodies, the risks municipalities face, control measures that need to be taken, and more.
Recent Cyberattacks On Municipalities & Local Government Bodies
It was business as usual for the government employees of New Orleans when the day started. Within a few hours, they received an internal message to shut down their systems and disconnect all devices connected to their operations.
Only after a state press release, it came to light that cybercriminals had attacked the state machinery. Mayor LaToya Cantrell, after that, declared a state of emergency in New Orleans as a precautionary measure in what is being perceived as a likely Ryuk ransomware attack, while the forensic investigation is still in progress.
What Is Ryuk Ransomware & How Does It Spread?
Ryuk ransomware targets various organizations worldwide, and demands ransom payments for the return of the information. Payments generally range from 15 to 50 Bitcoins (BTC).
The targeted method of a Ryuk ransomware attack is called “big game hunting” and it uses customized campaigns to target a department or an entire organization. The virus tricks the users into downloading an infected attachment or clicking a malicious link in an email.
Once an employee knowingly or unknowingly clicks a malicious link, the malware is dropped in the organization’s network, and it starts doing espionage, extensive mapping of critical information assets, and slowly begins encrypting files. Ryuk is also assumed to be the reason for the attack against the state of Louisiana in July 2019 that resulted in a declaration of emergency.
The Risks Municipalities Face From Cybercriminals
A few years ago hackers focused on hospitals. They started attacking hospital servers and achieved some success in blocking access to critical medical records. While some hospitals yielded to the demands of cybercriminals and paid ransom to gain access, others bolstered their security measures.
Once hospital servers were secured with various security risk assessment tools, cybercriminals turned their focus on municipalities that still run their servers on outdated hardware and software.
How Can Municipalities Protect Themselves From A Cyber Attack?
Even though municipalities hold a lot of critical and sensitive information, not many of them give a lot of importance to cybersecurity. Some are still using outdated Windows 2000 operating systems, and few municipalities allot an adequate portion of their budget to cybersecurity and risk management.
- A proactive approach is necessary in this current climate, and municipal organizations must arm themselves and be prepared to thwart a digital disaster.
- Municipalities and government departments must ensure that specialized vulnerability assessment tools are installed to strengthen their security perimeters.
- Proper reporting tools and integrated security updates should be in place, in addition to phishing simulation and even dark web monitoring.
- Also, every application on the government servers needs to be updated with the latest version, including cyber-security risk assessment tools, anti-virus software, and firewall solutions.
- Data must be encrypted using the latest encryption techniques in every stage of the data lifecycle, i.e., in transit, at rest, and while processing.
Role Of Employee Training In Securing Information Assets
A report published in the State of Privacy and Security Awareness Report states that 3 out of 4 employees show a lack of cyber awareness. Many employees don’t even have basic knowledge about cybersecurity. Cyber adversaries use that to their advantage and devise malicious plans centered around those employees.
Even a single click of a URL or an attachment download can lead to a shutdown of the entire network. Hence, municipalities need to invest more in phishing awareness, and cybersecurity training for their employees with an emphasis on mandatory security protocols they must follow.
Why Phishing Is The Biggest Threat Facing Municipalities
Ryuk ransomware has surfaced repeatedly in recent times resulting in shutdowns of government departments, notably states like Louisiana and Florida. At the same time, phishing attacks are on the rise, and it is estimated that more than 90% of data breaches are caused by phishing attacks. While ransomware attacks are targeted toward servers, phishing attacks are aimed at individuals.
Since people can be manipulated emotionally, they are easily deceived. Generally, people are lured with attractive bait online and wrongly believe, that the email is from a trusted source.
Employees handling critical information like finance and other sensitive data need to stay alert to the danger at all times. The best way to protect an organization from phishing attacks is to view every email as a possible phishing email. This way, people remain conscious of scams and cut down on the number of successful phishing attacks.
Why Municipalities Should Focus On Phishing Exercises
Municipalities and other government entities can take control by conducting periodic cybersecurity risk assessments to identify their risk profiles and plan security strategies accordingly. Hackers continue to enhance their skills using advanced and innovative hacking strategies to bypass security tools. For this reason, municipalities must turn toward trusted and proven third-party cybersecurity providers like Helical to prevent phishing attacks and protect their digital assets at all times. Cybersecurity offers several automated and easy to deploy solutions and security risk assessment tools. These tools work together to create a unified cybersecurity management platform. This helps municipalities and government bodies assess, scan, protect, and track their information assets and enhance cybersecurity.
A Summary Of Countermeasures For Municipalities
It is said that it is “better to dam the brook than the creek.” Hence, municipalities need to be proactive as opposed to reactive and implement countermeasures by having a sustainable cybersecurity program in place. Some measures include:
- Regular risk assessments to identify security vulnerabilities.
- Make use of reporting tools to track the progress of security solutions.
- Create a dedicated cybersecurity risk management team.
- Conduct employee phishing simulation awareness and training programs.
- Implement endpoint security.
- Have all software and applications updated to the latest versions.
A major concern for municipalities is that sometimes ransomware attacks go undetected for an extended period of time. That’s why it is important to have preventive measures in place triggered to block access to sensitive data. It is high time municipalities adopt cybersecurity best practices, implement reliable security solutions, allocate sufficient funds for a security budget, and most importantly, implement the necessary cybersecurity and risk management frameworks.