By Pete Nicoletti, Check Point Field CISO, Americas
In recent months, several American cities were hit by debilitating and disruptive ransomware attacks. For example, in Dallas, ransomware forced 911 dispatchers to rely on pens and paper for reporting purposes. And in Oakland, ransomware resulted in the release of city employee and resident data. These kinds of attacks serve as a wake-up call for local government groups to increase cyber security resilience.
Ransomware attacks targeting local governments are becoming more numerous and complex, and are having a more profound impact on local populations than ever before. Fifty-one percent of local government organizations have reported experiencing ransomware attacks.
We are also seeing cyber criminals advancing their strategies and leveraging sophisticated attack types. To that point, generative AI tools, such as ChatGPT, enable cyber criminals without any coding knowledge or advanced English skills to quickly create realistic phishing emails and malware.
Protecting cities is imperative. What can be done?
First, start with cyber safety tips and training for employees: Frequent cyber security awareness training is crucial in helping to protect cities and infrastructure from ransomware. This training should instruct employees to do the following: Not click on malicious links, never open unexpected or untrusted attachments, avoid revealing personal or sensitive data to phishers, get approval/verify software legitimacy before downloading it, never plug an unknown USB into their computer, use a VPN when connecting via untrusted or public Wi-Fi, not open personal emails that have not been checked by corporate protections, and to use unique passwords for every application and multi-factor authentication for access to confidential applications/data. NEVER count solely on employees to make the right decision when targeted with a good phishing email. IT must have multiple layers of defense since employees will click on anything!
Second, keep software updated and patched: Ransomware attackers sometimes find an entry point within apps and software, noting vulnerabilities and capitalizing on them. Some lower-cost security vendors have also been the compromised vector. Fortunately, most OS and app developers are actively searching for new vulnerabilities and patching them as well as quickly responding to new vulnerabilities.
If you want to make use of these patches, you need to have a patch management strategy and tools in place — and you need to make sure all of your team members are constantly up-to-date with the latest versions. Weekly “credentialed” vulnerability scanning can validate that all systems are up-to-date and if not, need attention. Keeping computers and servers up-to-date and applying security patches, especially those labeled as critical and high risk, can help limit a city’s vulnerability to ransomware attacks.
Third, choose prevention over detection: Many technology vendors claim that attacks will happen, and there is no way to avoid them. Therefore, the only thing left to do is to invest in technologies that detect the attack after it has already breached the network and to mitigate the damage as soon as possible.
This is not true. Not only can attacks be blocked, but they can be prevented, including those involving zero-day attacks and unknown malware. With the right technologies in place ahead of time — in your cloud assets, your laptops and computers, your email protection and in terms of your firewalls — most attacks, even the most advanced ones, can be prevented without disrupting the normal flow of business.
Finally, work with city leaders to ensure that the cyber security program is fully funded, that the program becomes increasingly mature, that it continues to build cyber resilience by continuously assessing your vulnerabilities…etc.
In addition, establish and practice an incident response process in case attacks do occur, and keep up-to-date on the latest cyber threats and trends. Remember that cyber criminals are always trying out new ways to hack your systems and that vigilance is key in staying a step ahead.
For more insights from CISO Pete Nicoletti, please see CyberTalk.org’s past coverage. Lastly, check out the CyberTalk.org newsletter! Sign up today to receive top-notch news articles, best practices and expert analyses each week.