As the saying goes, when nightmares come true, only then are people truly awake and take notice.
As per a recent news report, Lake City, Florida had been hit by a ‘triple threat’ ransomware attack which disabled its computer servers, telecom networks and email systems. The city officials paid 42 bitcoins worth $460,000 in exchange for a decryption key, after failing to restore the networks by themselves. Consequently, the city’s Director of Information Technology was fired from his job.
The attack came right after a similar incident in Riviera Beach, Florida, where the IT officials paid nearly $600,000 to ransomware criminals.
The IT professionals in Lake City are now preparing to revamp the IT department and implement measures to keep their systems secure.
Ransomware attacks are on the rise, with local government offices being frequently targeted.
What Makes the Public Offices and Government Organizations Vulnerable to Cyber Attacks?
One of the primary reasons government agencies are facing these security issues is the outdated systems. Many agencies are stuck with legacy systems owing to inadequate budget and due to the type of work they perform. For example, the IRS uses the same applications they used in the 1950s, and these must be kept running 24/7 lest they fall behind on taxes. Homeland Security continues to use Windows XP and Windows Server 2003 on most of its computers even after Microsoft had discontinued its support for these operating systems years ago.
Unsupported legacy systems don’t get security patches, so any new critical vulnerabilities are a serious problem. Cybercriminals are well aware of this and make the most of them by attacking government organizations.
Indifference Towards Cyber Hygiene
The other reason for public offices becoming a hot target for cyber attacks is apathy over cybersecurity by government officials. Most government employees do not take cybersecurity seriously or simply have no inkling that their systems could be hacked. And when attacks like these happen that’s when they start to understand the importance of cybersecurity.
Four Steps to Keep Your City Safe from Cyber Attacks
Cybercriminals have come a long way in the past few years. And, now civilians are threatened with attacks affecting the infrastructure of our daily lives.
Swamped with cyber threats, it’s time for government agencies to take immediate measures to thwart cyber attacks and keep their systems secure.
Here are four crucial steps government officials should take to address their security issues and keep their IT infrastructure safe from cybercriminals:
1. Be prepared with a proactive incident response plan
Government agencies should be prepared with an incident response plan detailing the role of every individual in case of a breach. Organizations must bridge gaps in coordination between employees and third-party vendors if any, to enable proactive risk management.
2. Patch on time to reduce risks
The US Department of Homeland Security (DHS) has issued a new Binding Operational Directive (BOD 19-02) instructing government organizations to patch critical vulnerabilities within fifteen days and high severity vulnerabilities within thirty days.
Patching on time helps reduce the attack surface and ensures vulnerabilities are mitigated quickly. Automating patch management is moving a step ahead. With tight budgets and limited manpower, government agencies can make sure that patches are not missed across the entire network with an automated patch management solution.
3. Have a proper business continuity and recovery plan
Government agencies need a solid backup and disaster recovery (BDR) plan. This is a critical requirement to protect against ransomware attacks, for example.
A fool proof method of backing up data would be a combination of onsite and cloud backup, also known as hybrid cloud backup. An onsite backup is especially handy when facing internet connection issues due to system disruption. In such cases, IT professionals can quickly restore backups from local appliances. As for cloud backups, these are cheaper, scalable and can act as a secondary off-site location to keep the backups safe.
A hybrid cloud backup and disaster recovery method is highly efficient and less expensive than other methods. With this, organizations can control the costs associated with BDR solutions.
4. Develop cybersecurity skills in the workforce
For government organizations to be fully prepared to tackle cyber threats, IT directors should have a long-term vision which includes up-skilling their employees in areas of cybersecurity. With budget constraints always at the forefront of concerns, it might not be feasible to routinely train every member of the team. Instead, areas to focus can be prioritized and worked upon to implement effective up-skilling.
IT directors should have an effective strategy to keep their IT Infrastructure secure. They cannot afford to wait for another attack before they act. At the rate cybercrime is growing, we all know that there is a cyber attack coming, and when it does everyone needs to be ready.
Are you looking for a complete IT security solution for your organization? Look no further than Kaseya.