fbpx

Cybersecurity and Ransomware – What You Need to Know

Ransomware attacks are a fact of life these days. In 2018, there were only 55 publicly reported attacks and less than $60k in demanded ransom followed by 2019 with more than 163 ransomware attacks targeting local governments that ended with at least $1.8M paid to cybercriminals.

Cybersecurity experts reported an 800% surge in cybercrime since the start of the pandemic, with approximately 4,000 cyberattacks occurring every day. Atlanta and New Orleans were well-publicized ransomware events spending $17M and $7M respectively to recover. The reality is that this has become commonplace.

Roger Murphy, Avenu’s Director of IT, has lived through such an attack and here’s what he learned.  Everyone thinks they’re prepared until it happens. And the clock will start ticking before you know you have a problem which puts you in a position of playing catch-up from the very beginning.

The truth is ransomware attacks are so disruptive to an organization that many of the following insights can also be applied to any disaster scenario, like a fire, earthquake or hurricane.

Preventative measures are necessary, but nothing will provide you with 100% protection. Most organizations have taken reasonable measures to prevent cyber-attacks such as having employee policies in place to ensure acceptable behavior occurs. In addition, the IT infrastructure and applications that support the business are usually in a supported state with protections in place. But roughly 70% of Ransomware occurs via Phishing; meaning that one person on your staff can innocently click on the wrong link or attachment in an email or text and put an entire organization at risk. You will not know this has occurred until the moment you cannot access your files and you receive a ransom note informing you that your files have been encrypted.

Real Life Scenario

One afternoon, an accountant in an organization received an email from an individual claiming to have paid a late invoice. All the accountant needed to do to claim the payment was to click a link and provide their email credentials, which they did. Email is a goldmine of information and at the center of authentication in any organization. Once those credentials are stolen, the sky’s the limit for attackers.

Once the attacker got their hands on the accountant’s email credentials, they logged into the accountant’s email and studied the organizations wire transfer approval process by searching through emails. The attacker then used previously sent invoices and forms to fabricate an approval email chain that the attacker then sent to the wire transfers department. Suffice to say, the attacker walked away with a lucrative sum of money.

Cybercriminals using email to attack businesses are becoming more and more effective at evading detection – technology alone is only marginally effective at blocking these new email threats.

Organizations must educate their workforce so that employees can recognize threats and take appropriate action to protect the organization.

So if 100% protection does not exist, what should local governments be doing? There are 4 important questions you must answer to help guide you.

1. Do we know we are being attacked?

Cybersecurity architecture is one of the core components of digital safety. Poorly designed or shoddily implemented digital systems can entail significant cybersecurity vulnerabilities. It’s not necessarily a matter of bad technology; cybersecurity is as much as about how well you’ve built new technologies into your existing systems and communication channels as it is about the quality of the technology itself. Good data backups, up-to-date cybersecurity software and secure network connections are all parts of good cybersecurity architecture. And nowhere is the importance of cybersecurity architecture more evident than in our remote workforces today. The architecture that is implemented must also be supported with the tools and capability to alert you that you are under attack, or that you have been compromised.

2. Can we stop an attack?

Once alerted that you are under attack or that you have been compromised, you must have the capability to stop it. Using tools and security systems that include automated responses can accomplish this. The use of AI, and the use of machine learning to stop the attack is critical due to the complexity of the attack and the speed at which damage can occur. Without this capability, you are leaving the action to stop the attack to your staff who will follow policy and procedure. The inherent delay in this type of response allows significant damage to occur to your environment. Time is not on your side during an attack.

 

3. Can we safely restore or recover?

You must be able to restore and recover the environment. It is critical that the backup policies that are put in place address how frequently you want to take backups (Recovery Point Objective or RPO). RPO is concerned with the amount of data that is lost following the event. Losing citizen transactions can be catastrophic so the more frequent the environment is backed up means that if there is an event you will lose less data.

It is equally critical that you address the amount of downtime you can tolerate (Recovery Time Objective or RTO). RTO is concerned with applications and systems and amount of time those systems can be down. Within Public Safety organizations for instance, the tolerance for downtime can be zero or only a few minutes. Having the capability to ensure the infrastructure and applications to come back online quickly must be factored into your decisions.

4. Do we have action plans already in place so we can jump into action?

Partners, Suppliers, and Vendors

As an organization, we rely on our partners, suppliers, and vendors to help us deliver goods and services. It is critical that they understand our needs should we be attacked, and that we have a plan of action in place with each of them. In one case study, we needed 500 disk drives to replace those that had been destroyed during a Ransomware attack. Our partner at the time could not deliver that quantity. That left us in a very difficult situation, and we had to scramble to find those disk drives. I recommend that you have agreements in place with your partners so that you have the capability to quickly recover.

Internal Employees

Within the organization, we rely on our employees to help us stop these attacks. Here are some key takeaways to remember:

  • These attacks are Criminal activities. You are the target. If the bad guys can gain access to your computer, then it is too late.
  • People are the weakest link. Every employee is a target from the temp worker to the CEO.
  • Email is one of the most common and most successful attacks on the internet. Recent statistics cite up to 90% of successful attacks against businesses begin with a malicious email.
  • Cybercriminals using email to attack businesses are becoming more and more effective at evading detection – technology alone is only marginally effective at blocking these new email threats. It’s up to you!
  • If your team has not already began a security awareness training campaign, I highly recommend you have the discussion with them right away.

Want to learn more about ways of making your organization better prepared and more secure? Please reach out to us at succeed@avenuinsights.com.

September California Legislative Update

On September 10, 2021 at 9:00PM, the Senate and Assembly adjourned session for the year and are not scheduled to return to the Capitol until January 3, 2022. This end of session was far less exciting than in prior years, partially because of the 72-hour in print rule, and partially because some issues were punted to next year, including highspeed rail.

A high-profile proposal from Assemblywoman Buffy Wicks (D-Oakland) mandating employee vaccinations and requiring proof of vaccination in indoor public places such as restaurants and movie theaters was quickly introduced and shelved, and several controversial public safety measures were put off until 2022.

Below is a summary of key legislation moving through the California State Legislature

CA Legislative Update September 2021

Avenu Goes Green with Index Prints

Did you know that it takes 238 trees to make 1,888 reams of paper which equates to 944,000 pages? Avenu prints 944,000 pages of Index Prints for our customers each year!

Avenu is committed to doing our part for a sustainable future.

Managing land records is already complex and receiving volumes and volumes of large binders with printed indexes is both time consuming and burdensome. Our clients have asked for it, and we’re delivering as Avenu goes green with Index Prints.

When cities and counties had to close their offices during the pandemic, Avenu responded by creating electronic searchable Index Print Reports as PDFs in addition to printing paper indexes. This enabled closed offices to email Index Prints and provided access to this business-critical data for researchers, attorneys and businesses that service the Title and Mortgage Industry. Each index print is a Printable PDF and easily searchable and offices can always print them if desired.

Join us as our Index Print services go completely green by January of 2022!

How Monroe County Executed Its Paperless Initiative

Monroe County was established in 1821 and the amount of papers that was accumulating from the span of 200 years was exponential…leading the County to embark on the Paperless Initiative. Today we’re going to discuss what drove the county to venture towards this initiative and the steps they’re taking to achieve it.

powered by Sounder

As the County Archivist, Kelly Smith , is responsible for managing the long-term storage and preservation of official records and ensuring that the public has access to them.

Together we discussed:

  • The situation storing 200 years worth of paper.
  • Top factors to consider when looking for a vendor to help go paperless.
  • Understanding state record retention rules
  • Workflow for digitizing a large collection of records
  • Changes in storing, and retrieving documents.

This discussion was taken from our show Local Government Insights. If you want to hear more episodes like this one, check us out on Apple, and all your other favorite podcast platforms. Take a moment listen on your favorite platform. We would appreciate your reviews and feedback as we continue to release upcoming episodes.

President Biden Visits Avenu’s New Orleans Sewerage & Water Board Client

For over 20 years, Avenu has been providing IT Managed Services to the Sewerage & Water Board of New Orleans (SWBNO). For this effort, we partner with a Disadvantaged Business Entity and together employ 43 staff members (23 Avenu employees).

New Orleans sits 20 feet below sea level and visitors are always astounded to be outside and look up to see a ship going down the Mississippi River. SWBNO holds the responsibility for providing drainage and sewerage facilities 24 hours a day, 365 days a year, where and when they are needed and for providing drinking water to thousands of homes in the city.

President Biden’s trip to New Orleans was to specifically tour SWBNO. Why? SWBNO has been using the same technology to drain the city since the 1910s. On 6 May, the President toured the SWBNO facility that houses the city’s century-old turbines – more than half of which are broken – that power a network of drainage pumps.

President Biden wanted to tour and highlight SWBNO as a prime example of a facility that is in dire need of modernizing its infrastructure. The President specifically named SWBNO in his $2.2 trillion proposal to revamp the nation’s infrastructure and replace major components of our facility.

It was in 2005 when Hurricane Katrina struck New Orleans breaching the levees which caused 80% of the city to be underwater and resulted in thousands of citizens losing their lives. According to SWBNO’s history, the impact of Hurricane Katrina devasted the board’s water, sewer, drainage and power generation systems.

Over 300 Sewerage & Water Board employees manned their stations at board facilities throughout the city during Hurricane Katrina and during the catastrophic flooding that followed. These Sewerage & Water Board ‘Katrina Heroes’ literally risked their lives and their personal safety to salvage and repair vital Sewerage & Water Board facilities and equipment that made it possible to dewater the city in only 11 days after the levee breaches were repaired.

Maintaining SWBNO’s infrastructure is critical.

When asked about the challenges of dealing with storms, Avenu’s Program Manager at SWBNO remarked that I am so proud of the entire SWBNO team. Last year we had eight named storms and direct hits come through which is an extraordinary amount for the team to deal with to keep the City safe. I am so grateful to lead and work with such a wonderful team. They are the best!”

COVID Impact on Tourism Leads to Investment Opportunity

If you work in government in a tourism town, the pandemic was a nightmare come true.

powered by Sounder

But what happens when the tourists don’t stop coming?

That’s exactly the situation Jess Knudson, a City Manager from Lake Havasu, AZ, found himself in last year. He joined the show to share how he tackled the issue.

We discuss:

  • The initial dropoff and later surge of tourism in Lake Havasu
  • How Jess helped navigate budgeting and allocating resources to tackle the problem
  • The challenge of navigating government financial support in the wake of the pandemic
This discussion with Jess Knudson was taken from our show Local Government Insights: Modernizing Government Leadership. If you want to hear more episodes like this one, check us out on Apple Podcasts or Spotify.

 

If you don’t use Apple Podcasts or Spotify, you can find every episode here.

How Florence, Alabama Found Millions in Sales Tax Revenue

With just over 40,000 residents, Florence is Alabama’s 11th largest city. Home to the University of North Alabama, this vibrant and welcoming town also hosts the state’s most popular renaissance festival, held annually each October.

powered by Sounder
Bob Leyde, beloved City Clerk for the City of Florence, Alabama, is a pillar of the local community as well as a talented and innovative administrator. He wisely utilized Avenu’s vast capabilities to generate up-to-the-minute analytics for more accurate projections of sales tax revenue during the COVID pandemic and increase the efficiency of his administration staff.
Here’s a sneak peek:
  • Detailed reporting helped Bob overcome budgeting challenges and increase compliance.
  • Accurate and real-time information about current business opportunities and revenue collection is crucial to his decision-making process.
  • Avenu streamlined the city’s tax administration with a laser-focused audit process.
  • Bob encourages leaders of cities of any size to see how Avenu’s technology can optimize operations and maximize revenue generation.

This discussion was taken from our show Local Government Insights. If you want to hear more episodes like this one, check us out on Apple, and all your other favorite podcast platforms. Take a moment listen on your favorite platform. We would appreciate your reviews and feedback as we continue to release upcoming episodes.

July California Legislative Update

In recent weeks, the state legislature has been working actively on their state budget proposals and to meet the statutory deadlines to move bills from their house of origin to the other house by the June 4th deadline. On May 19th, the Speaker Pro Tempore Toni Atkins announced that each legislator would be limited to sending 12 bills to the opposite house. Some bills may be excluded from this requirement if they are being proposed to be implemented immediately. Below is a summary of key legislation moving through the California State Legislature

Read the full July Legislative Update here.

UCLA Anderson Forecast July Economic Outlook

Avenu in partnership with the UCLA Anderson Forecast collaborates to provide both micro and macro level views of the economic health of California at the state and local levels. The following economic information has been provided by our colleagues at UCLA Anderson Forecast. We’ve also attached our recent sales tax forecast assumptions.

Read the full July Economic Forecast Here.

Sales Tax Forecast Assumptions

July California Budget Update

The Administration and Legislature are nearing final agreement on the Budget Act of 2021. The Legislature sent SB 129 to the governor on June 29 amending the Budget Act of 2021 (AB 128). AB 128 contains the Legislature’s Budget which the governor signed; however, the bulk of the final budget agreement is contained in SB 129. This is the first time in ten years that the actual budget agreement was not signed on or by June 30.

Read the full July Budget Update here.