Ransomware attacks against state and local governments have been on the rise over the past few years. According to research by the cybersecurity firm Recorded Future, there were 81 such attacks through the first nine months of the year, a 68 percent increase over the 55 attacks for all of 2018. Over the past six years, state and local agencies in 48 of the 50 states have been hit.
The problem has become so acute that four government agencies took the unusual step of issuing a joint statement urging state and local governments to beef up their security efforts. In July, the Department of Homeland Security, the National Association of State Chief Information Officers, the National Governors Association and the Center for Internet Security urged officials to take “immediate action.”
City and state governments are often targeted because they lack adequate security systems and support, and they often run unsupported software on outdated systems. What’s more, budget constraints make it difficult for agencies to attract and retain talented IT professionals.
Ransomware isn’t the only threat, either. The public sector is also frequently targeted by email-borne malware and phishing attacks designed to steal data and conduct cyber-espionage. Hackers know agencies have mountains of valuable data about citizens, contractors and investors.
A Layered Defense
To address these threats, public-sector organizations must continue to employ a variety of strong countermeasures as part of a multi-layered defense. That includes firewalls and intrusion detection systems to create a strong perimeter, along with antivirus, anti-malware and patch management software for endpoint protection. Tried and tested data backup and disaster recovery systems provide a critical last line of defense.
Cybersecurity professionals also stress the value of connecting with potential partners in the private sector. For example, a comprehensive assessment from a managed security provider can help identify any security gaps — as well as the modifications necessary to close those gaps before an incident occurs.
Assessments usually begin with a series of internal and external network scans to search for known vulnerabilities. A detailed report of the scan findings will describe any identified vulnerabilities, how they might be exploited and how that might impact the organization. Based on these results, security analysts will offer suggestions for remediating the vulnerabilities.
Penetration tests go much deeper. They are essentially “white hat” hacking exercises in which analysts simulate attacks. The process allows organizations to view the entire technology infrastructure from an attacker’s perspective. It is a powerful illustration of the organization’s technical, operational and physical controls — as well as their shortcomings.
Conduct Regular Assessments
Finally, a strong security risk assessment should include an audit of all network and security devices in the infrastructure. A primary goal is to ensure that devices and operating systems are configured such that no open, unneeded services could be exploited.
In addition to boosting security against cyber threats, regular assessments also demonstrate to auditors that the organization’s security and control processes are in place. In many states, such assessments are required for compliance with regulations related to the protection of sensitive government information and citizen records.
With decades of experience working with public-sector organizations, Cerium understands the challenges facing IT staffs with overwhelming day-to-day responsibilities, limited budgets and scarce resources. We’ve successfully conducted countless assessments that laid the groundwork for a comprehensive security approach featuring real-time, layered protection, mobile security and multi-level encryption. Contact us and let us assess your current security posture and offer suggestions for boosting your protection.