This article is posted with permission from VC3's blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. VC3 is solely responsible for the article’s content.
When you are barraged with cybersecurity news every day, it’s difficult to sift the real danger from the noise. Cybersecurity headlines tend toward the dramatic—even if the concerns are real. For example, the Washington Post recently sounded the alarm about local governments using Kaspersky Lab antivirus software. The federal government removed the software from its approved vendor list because of concerns that it could serve as a backdoor to feed intelligence to Russia, but local governments have kept using it.
An article in Governing notes that “there have been no specific vulnerabilities identified and no evidence of malicious intent released to the public” about Kaspersky Lab. Yet, this story makes headlines because of the media’s current focus on anything related to Russia. The antivirus software may be a risk to cities, but that isn’t certain without evidence.
With that said, cities cannot remain passive against well-known, serious, and confirmed cybersecurity dangers (even if the news deems them less headline-worthy). For example, the recent WannaCry and Petya attacks that ravaged organizations around the world should not be ignored by cities. Why? These attacks best exploited organizations with weak cybersecurity and poor cyber hygiene. Even the world’s foremost cybersecurity experts pointed out that simple activities like regular software patching, updating operating systems, and backing up data could have eliminated most of these ransomware threats. Congress has even proposed a bill—the Modernizing Government Technology (MGT) Act—that requires government agencies to follow basic IT best practices to prevent cybersecurity attacks.
So, if we dig beneath the flashier headlines, we find five real cybersecurity dangers that most threaten cities—and these dangers should keep you up at night if you’re not addressing them.
1. Ransomware
Ransomware is a virus that encrypts your data with malicious intent. It's a weapon used by a criminal who attempts to steal your money or destroy your property (in this case, your data) if you don't pay a ransom. Once your files are encrypted by the virus, a screen will pop up on your computer with instructions about paying a ransom.
Once you pay, the criminals will hopefully decrypt your data—although there are no guarantees. Remember, these are criminals. You are left asking: Can I trust them? Will my data be restored? Is my restored data unaltered? Do they still have access to my computer? Will this happen again?
Ransomware is one of the scariest viruses out there, and attackers use it more and more often. Ransom demands are also increasing. According to a PhishMe report from earlier this year, ransomware attacks through phishing emails increased from 56 percent in December 2016 to 93 percent in March 2017. Yes, 93 percent!
Quite simply, ransomware has become very profitable for very bad people. Many ransomware attacks have devastated local governments—from shutting down 911 systems to erasing years of criminal evidence. It’s putting communities at risk. Imagine critical systems like water treatment plants being held hostage.
2. Viruses and malware
Hackers still use a variety of viruses and malware to steal information, corrupt or destroy data, shut or slow down your systems, and deface your websites. Viruses and malware enter your computer systems from a variety of sources such as malicious email attachments, websites, ads, pop-ups, and software downloaded from the internet. External hard drives and flash drives can also get infected with viruses and infect computers as people share them.
3. Data breaches
According to Breach Level Index, there have been about 90 government data breaches so far in 2017 alone (as of July 27). Those data breaches include:
Data breaches occur when sensitive and/or confidential information is exposed to the public either accidentally or through a criminal act. The repercussions of data breaches—financially, legally, and publicly—are harsh and last months or years.
4. Phishing
According to a December 2016 PhishMe report, “91 percent of cyberattacks start with a phishing email.” Phishing is an activity performed by hackers to lure people into clicking on malicious links, attachments, ads, pop-ups, and software downloads. Unsuspecting employees are tricked into downloading viruses, malware, and ransomware that leads to data breaches, stolen information, and data loss.
Over 90 percent of cybersecurity attacks originate with human error, which means that your employees may unwittingly become the source of a cyberattack if they are unaware of these dangers.
5. Website attacks
Your website is an important part of your city. It’s your window to the online world, your public relations vehicle, your library of city information, and possibly the place where many of your citizens pay taxes, fines, and utilities. Website attacks are a favorite of hackers, and many cities experience financially harmful and embarrassing consequences. A few tactics include:
- Denial of service attacks. Hackers flood your website with so much fake online traffic that it crashes—often for days.
- Defacement. Hackers take over your website and replace it with a political message, a porn site, or other embarrassing information that has nothing to do with your city.
- Stealing data. If your website stores sensitive or confidential information that should only be accessible to authorized users (such as a utility customer’s payment information), then hackers can steal this data.
If your city has poor cybersecurity, it’s extremely likely that one of the scenarios above will happen to you. Hackers are looking for easy targets, and their methods grow more sophisticated. Don’t be an easy target, and don’t be passive about the cyber risks your city faces.
Concerned? If your city is uncertain about its cybersecurity, then you especially need to examine your:
- Data backup and disaster recovery: If the worst happens, then you need to recover your data. Your data backup should contain an onsite and offsite component—with regular testing to make sure it works. Your data backups should also be stored separately from your day-to-day data so that backups don’t get infected with a virus or malware.
- Updates and patching: Your software—both operating systems and applications—needs regular updates and patches. For example, most organizations hit by the WannaCry ransomware virus failed to implement a patch that Microsoft had released a few months before the attack.
- Antivirus and antispam: Your city needs enterprise-grade antivirus and antispam that’s regularly updated and monitored by IT professionals.
- Trusted, professional website hosting: Your website needs to be hosted by a trusted vendor that maintains high security.
- Access controls: Only authorized employees should be able to access specific hardware, software, and systems at your city.
- Policies and compliance: Clear, thorough information security policies and procedures will ensure compliance with the law and help prevent cybersecurity incidents.
- Employee training: Because human error is at the root of such a high percentage of cyberattacks, you need to train your employees about phishing, identifying malicious links, and staying vigilant when they use the internet.