Commentary
5 steps to protect municipal IT systems from a cyberattack
Municipalities continue to be prime targets for cybercriminals. Unfortunately, many cities and county governments are just one click away from a ransomware infection. If not caught quickly, the loss of encrypted files can grind everyday constituent services to a halt and erode public trust. Remediation, as municipalities such as Baltimore are finding, is often an expensive and time-consuming endeavor.
Here are five steps to consider right now to help your organization from becoming a victim.
Prioritize your files. It’s not databases that get hit with ransomware—hackers are targeting your organization’s file systems. Unfortunately, digital files are often copied, saved, shared, and moved to the point where many organizations have lost control. In a recent report, more than one in five files in the average company were open to everyone. In the event of a ransomware attack, a hacker will be able to access and encrypt every file the compromised account could open. Locking down your data to a least-privilege model, in which information is only available to employees who need it, will help keep data safer from unauthorized access by hostile insiders and external attackers.
Update and enforce your password policy. Network security once meant firewalls and spam filters, which are child’s play for most attackers today. Attackers only need to compromise one account to gain a foothold on a network. From there, they can move around and escalate their network privileges. When employees or department logins remain unchanged for months – or even years – hackers have the time they need to run brute-force attacks to crack passwords and gain access. Enforce password policies that require long passwords – shorter ones are much easier to crack and can leave a network exposed.
Remove access as employees and contractors leave. Municipalities could have thousands of employees and temporary workers leave or change roles over the course of a year. While onboarding new arrivals, it’s easy to overlook old accounts. In our recent report, we found that 40% of companies had more than 1,000 stale, but enabled, user accounts that allowed former employees, and any hackers with those login credentials, to gain access. Delete these accounts and remove a common on-ramp for hackers.
Follow a framework. The NIST Cybersecurity Framework was designed to be a repeatable, consistent and measurable approach to protecting critical infrastructure. This framework can also be used as a guide to protecting an organization’s data. Just as the framework helps IT and security personnel manage and defend systems and applications, it can help these same teams prepare for security events targeting your data. With the NIST Cybersecurity Framework as your guide, you can work to develop an approach that prioritizes the protection of your agency’s critical information.
Set your organization up for success. Ensure your organization’s standard operating procedures include regular back-ups across departments. Patches and system updates are easy ways to protect your organization, but are easily overlooked in the day-to-day rush of IT requests. Have a plan in place to respond to alerts and unusual activity in real-time, including off hours and holidays when attackers know they are less likely to be detected. Make it easy for employees to report unusual issues and suspicious emails. Bring your IT and security experts to your next leadership meeting for a candid conversation around your organization’s ability to fend off a ransomware attack or breach.
Hackers can remain undetected for weeks or months, biding their time before launching an attack. Don’t let your guard down. The time to act is now.
Brian Vecci is the Field CTO for Varonis, which offers data security and insider threat detection software solutions.
