Ransomware attacks are a fact of life these days. In 2018, there were only 55 publicly reported attacks and less than $60k in demanded ransom. In 2019, there were more than 163 ransomware attacks targeting local governments, which ended with at least $1.8M paid to cybercriminals.
Cybersecurity experts reported an 800% surge in cybercrime since the start of the pandemic, with approximately 4,000 cyberattacks occurring every day. Atlanta and New Orleans suffered well-publicized ransomware events, spending $17M and $7M respectively to recover. The reality is that this has become commonplace.
Roger Murphy, Avenu’s Director of IT, has lived through such an attack, and here’s what he learned. Everyone thinks they’re prepared until it happens. And the clock will start ticking before you know you have a problem, which puts you in a position of playing catch-up from the very beginning.
The truth is ransomware attacks are so disruptive to an organization that many of the following insights can also be applied to any disaster scenario, like a fire, earthquake or hurricane.
Preventative measures are necessary, but nothing will provide you with 100% protection. Most organizations have taken reasonable measures to prevent cyber-attacks, such as having employee policies in place to ensure acceptable behavior. In addition, the IT infrastructure and applications that support the business are usually in a supported state with protections in place. But roughly 70% of ransomware occurs via phishing, meaning that one person on your staff can innocently click on the wrong link or attachment in an email or text and put an entire organization at risk. You will not know this has occurred until the moment you cannot access your files and you receive a ransom note informing you that your files have been encrypted.
One afternoon, an accountant in an organization received an email from an individual claiming to have paid a late invoice. All the accountant needed to do to claim the payment was to click a link and provide their email credentials, which they did. Email is a goldmine of information and at the center of authentication in any organization. Once those credentials are stolen, the sky’s the limit for attackers.
Once the attacker got their hands on the accountant’s email credentials, they logged into the accountant’s email and studied the organization’s wire transfer approval process by searching through emails. The attacker then used previously sent invoices and forms to fabricate an approval email chain and sent it to the wire transfers department. Suffice it to say, the attacker walked away with a lucrative sum of money.
Cybercriminals using email to attack businesses are becoming more and more effective at evading detection – technology alone is only marginally effective at blocking these new email threats.
Organizations must educate their workforce so that employees can recognize threats and take appropriate action to protect the organization.
So if 100% protection does not exist, what should local governments be doing? There are 4 important questions you must answer to help guide you.
1. Do we know we are being attacked?
Cybersecurity architecture is one of the core components of digital safety. Poorly designed or shoddily implemented digital systems can entail significant cybersecurity vulnerabilities. It’s not necessarily a matter of bad technology; cybersecurity is as much about how well you’ve built new technologies into your existing systems and communication channels as it is about the quality of the technology itself. Good data backups, up-to-date cybersecurity software and secure network connections are all parts of good cybersecurity architecture. And nowhere is the importance of cybersecurity architecture more evident than in our remote workforces today. The architecture that is implemented must also be supported with the tools and capability to alert you that you are under attack, or that you have been compromised.
2. Can we stop an attack?
Once alerted that you are under attack or that you have been compromised, you must have the capability to stop it. Tools and security systems that include automated responses can accomplish this. The use of AI and machine learning to stop the attack is critical due to the complexity of the attack and the speed at which damage can occur. Without this capability, you are leaving the action to stop the attack to your staff, who will follow policy and procedure. The inherent delay in this type of response allows significant damage to occur to your environment. Time is not on your side during an attack.
3. Can we safely restore or recover?
You must be able to restore and recover the environment. It is critical that the backup policies that are put in place address how frequently you want to take backups (Recovery Point Objective or RPO). RPO is concerned with the amount of data that is lost following the event. Losing citizen transactions can be catastrophic, so the more frequently the environment is backed up, the less data you will lose if there is an event.
It is equally critical that you address the amount of downtime you can tolerate (Recovery Time Objective or RTO). RTO is concerned with applications and systems and the amount of time those systems can be down. Within Public Safety organizations, for instance, the tolerance for downtime can be zero or only a few minutes. The capability to bring the infrastructure and applications back online quickly must be factored into your decisions.
4. Do we have action plans already in place so we can jump into action?
Partners, Suppliers, and Vendors
As an organization, we rely on our partners, suppliers, and vendors to help us deliver goods and services. It is critical that they understand our needs should we be attacked, and that we have a plan of action in place with each of them. In one case study, we needed 500 disk drives to replace those that had been destroyed during a Ransomware attack. Our partner at the time could not deliver that quantity. That left us in a very difficult situation, and we had to scramble to find those disk drives. I recommend that you have agreements in place with your partners so that you have the capability to quickly recover.
Internal Employees
Within the organization, we rely on our employees to help us stop these attacks. Here are some key takeaways to remember:
Want to learn more about ways of making your organization better prepared and more secure? Please reach out to us at succeed@avenuinsights.com.