As cyber threats evolve, cities and counties need to safeguard staffers’ mobile devices
No question, more local governments are facing cyber threats in 2024, says Tim LeMaster, vice president, worldwide systems engineering at Lookout. His firm is a data-centric cloud security company. It uses a defense-in-depth strategy to address the different stages of modern cybersecurity attacks, which now start with infiltrations of mobile devices. The following link includes Lookout case studies and white papers and other resources.
He adds that more cities and counties are at risk of ransomware attacks today. “As more state and local agencies adopt cloud technology and migrate valuable data, criminals’ methods for carrying out ransomware attacks have become more sophisticated.”
LeMaster says we are seeing an evolution in cyber crime. “Traditionally, criminals targeted vulnerabilities in legacy systems, which required significant effort and could have taken months to see to completion. Now, criminals are using advanced social engineering and phishing tactics to target individuals’ legitimate credentials. Using these credentials, criminals can gain access and move laterally across state and local networks, allowing them maximum control to steal data or deploy ransomware.”
He adds that cyber mischief today can be lethal very quickly to government IT operations: “These modern kill chain attacks are quick and highly effective, accelerating the timeline for ransomware and other cyberattacks from months to minutes.”
City and county IT administrators need to understand how the threat landscape has evolved, LeMaster says. He says it is impossible to prepare for ransomware attacks if you don’t have a clear picture of the tactics criminals are using when they target an agency’s systems.
“A modern kill chain attack begins when a threat actor sends a phishing link to a potential victim through a method like SMS. The link appears to come from a legitimate contact, such as the agency’s IT support team,” LeMaster explains. Short message service (SMS) is a technology for sending short text messages between mobile phones and other devices.
LeMaster continues: “If someone clicks on the link, they may be directed to a phishing site and asked to provide credentials and multi-factor authentication (MFA) tokens, or surveillance-ware could be installed on their device, allowing attackers to access their government accounts or monitor device activity. Either outcome allows the attacker to impersonate or spy on the victim, potentially exposing sensitive government data.”
He notes that a ransomware attack on local government can often be overlooked. “For busy employees at small or understaffed local agencies, it’s easy to miss the signs of attack on mobile devices where these indicators are subtler and generally less expected. Employee education coupled with the visibility from robust mobile threat solutions can better protect state and local agencies from ransomware.”
Local governments should ensure that their employees’ electronic gear is secure from hackers. LeMaster offers the following points:
- Mobile devices are often overlooked but are critical threat vectors. Many state and local agencies prepare for email-based attacks, but fewer safeguard against threats from messaging apps, social media and SMS.
- Phishing is especially effective on mobile devices due to small screens hiding subtle URL changes and the wide range of apps that offer attackers countless ways to compromise accounts and gather data. In fact, the rate at which users are receiving and tapping on phishing URLs on their mobile devices has grown by an average of 85% year-over-year since 2011.
The shift to work-from-home and other workplace trends can leave local governments and other organizations more vulnerable, according to LeMaster: “The increase in hybrid and remote work and bring-your-own-device (BYOD) policies within state and local agencies has made mobile devices a priority target for hackers seeking easy access to sensitive information. Security teams have significantly less visibility into these devices than they do into government-owned devices, meaning it’s harder to manage these increased risks.”
LeMaster spotlights a couple of security tools that the public sector can use to fight off hackers and ransomware threats on their workers’ mobile devices:
- Local agencies can protect themselves with mobile endpoint detection and response (mobile EDR). With a comprehensive view of all mobile device activity provided by mobile EDR, IT teams can proactively identify and address threats and significantly shorten incident response times.
- Mobile threat defense (MTD) solutions provide comprehensive protection from threats such as phishing, malware, network and device compromise. MTD solutions are also crucial for a comprehensive defense strategy, as they provide an extensive view of the risks and vulnerabilities associated with mobile devices.
LeMaster offers the following best practices that governments should follow to ensure their IT systems are safe from hackers and cyber criminals:
- BYOD policies are a reality of modern work culture, and agencies should account for that by creating and enforcing security policies for personal devices used for work.
- Agencies should encourage all employees to enable MFA on all work-related devices to prevent mobile phishing and other threats.
- Local governments should continually update security training to help employees recognize and understand the risks of mobile phishing attempts. As a best practice, any government employees who receive credential requests should exercise caution and verify the request with IT management.
LeMaster says IT security budgets may be somewhat tight for cities and counties. “Balancing limited resources, competing priorities, and cyber defenses is an ongoing challenge for local agencies. Allocated funding is often not enough to enhance all the necessary cyber defenses, leaving vulnerabilities and forcing security teams to rely on outdated systems or emergency management funds to meet basic security standards. Moreover, any funding provided often goes toward other priorities, neglecting the increasingly sophisticated threats to mobile devices.”
LeMaster predicts that artificial intelligence (AI) will serve dual roles as cities and counties work to secure their IT systems. “AI is both a threat and a solution. Many agencies see AI as a security risk because criminals can use it to identify vulnerabilities and improve social engineering tactics. However, AI is vital for defending against modern kill chain attacks, where criminals’ dwell time is minimized. AI can automate threat detection for resource-constrained agencies, allowing them to respond quickly to security incidents. AI also has the power to streamline threat analysis and enable faster decisions, which is crucial to staying ahead of criminals.”
Michael Keating is senior editor for American City & County.