
Cybersecurity and Ransomware – What You Need to Know

Ransomware attacks are a fact of life these days. In 2018, there were only 55 publicly reported attacks and less than $60k in demanded ransom. In 2019, more than 163 ransomware attacks targeted local governments, with at least $1.8M paid to cybercriminals.

Cybersecurity experts reported an 800% surge in cybercrime since the start of the pandemic, with approximately 4,000 cyberattacks occurring every day. Atlanta and New Orleans suffered well-publicized ransomware events, spending $17M and $7M respectively to recover. The reality is that this has become commonplace.

Roger Murphy, Avenu’s Director of IT, has lived through such an attack, and here’s what he learned. Everyone thinks they’re prepared until it happens. And the clock will start ticking before you know you have a problem, which puts you in a position of playing catch-up from the very beginning.

The truth is ransomware attacks are so disruptive to an organization that many of the following insights can also be applied to any disaster scenario, like a fire, earthquake or hurricane.

Preventative measures are necessary, but nothing will provide you with 100% protection. Most organizations have taken reasonable measures to prevent cyber-attacks, such as having employee policies in place to ensure acceptable behavior occurs. In addition, the IT infrastructure and applications that support the business are usually in a supported state with protections in place. But roughly 70% of ransomware occurs via phishing, meaning that one person on your staff can innocently click on the wrong link or attachment in an email or text and put an entire organization at risk. You will not know this has occurred until the moment you cannot access your files and you receive a ransom note informing you that your files have been encrypted.

Real Life Scenario

One afternoon, an accountant in an organization received an email from an individual claiming to have paid a late invoice. All the accountant needed to do to claim the payment was to click a link and provide their email credentials, which they did. Email is a goldmine of information and at the center of authentication in any organization. Once those credentials are stolen, the sky’s the limit for attackers.

Once the attacker got their hands on the accountant’s email credentials, they logged into the accountant’s email and studied the organization’s wire transfer approval process by searching through emails. The attacker then used previously sent invoices and forms to fabricate an approval email chain, which they sent to the wire transfers department. Suffice to say, the attacker walked away with a lucrative sum of money.

Cybercriminals using email to attack businesses are becoming more and more effective at evading detection – technology alone is only marginally effective at blocking these new email threats.

Organizations must educate their workforce so that employees can recognize threats and take appropriate action to protect the organization.

So if 100% protection does not exist, what should local governments be doing? There are 4 important questions you must answer to help guide you.

1. Do we know we are being attacked?

Cybersecurity architecture is one of the core components of digital safety. Poorly designed or shoddily implemented digital systems can entail significant cybersecurity vulnerabilities. It’s not necessarily a matter of bad technology; cybersecurity is as much about how well you’ve built new technologies into your existing systems and communication channels as it is about the quality of the technology itself. Good data backups, up-to-date cybersecurity software and secure network connections are all parts of good cybersecurity architecture. And nowhere is the importance of cybersecurity architecture more evident than in our remote workforces today. The architecture that is implemented must also be supported with the tools and capability to alert you that you are under attack, or that you have been compromised.

2. Can we stop an attack?

Once alerted that you are under attack or that you have been compromised, you must have the capability to stop it. Using tools and security systems that include automated responses can accomplish this. The use of AI and machine learning to stop the attack is critical due to the complexity of the attack and the speed at which damage can occur. Without this capability, you are leaving the action to stop the attack to your staff, who will follow policy and procedure. The inherent delay in this type of response allows significant damage to occur to your environment. Time is not on your side during an attack.

3. Can we safely restore or recover?

You must be able to restore and recover the environment. It is critical that the backup policies that are put in place address how frequently you want to take backups (Recovery Point Objective or RPO). RPO is concerned with the amount of data that is lost following the event. Losing citizen transactions can be catastrophic, so the more frequently the environment is backed up, the less data you will lose if there is an event.

It is equally critical that you address the amount of downtime you can tolerate (Recovery Time Objective or RTO). RTO is concerned with applications and systems and the amount of time those systems can be down. Within Public Safety organizations, for instance, the tolerance for downtime can be zero or only a few minutes. Having the capability to ensure the infrastructure and applications come back online quickly must be factored into your decisions.

4. Do we have action plans already in place so we can jump into action?

Partners, Suppliers, and Vendors

As an organization, we rely on our partners, suppliers, and vendors to help us deliver goods and services. It is critical that they understand our needs should we be attacked, and that we have a plan of action in place with each of them. In one case study, we needed 500 disk drives to replace those that had been destroyed during a Ransomware attack. Our partner at the time could not deliver that quantity. That left us in a very difficult situation, and we had to scramble to find those disk drives. I recommend that you have agreements in place with your partners so that you have the capability to quickly recover.

Internal Employees

Within the organization, we rely on our employees to help us stop these attacks. Here are some key takeaways to remember:

  • These attacks are criminal activities. You are the target. If the bad guys can gain access to your computer, then it is too late.
  • People are the weakest link. Every employee is a target from the temp worker to the CEO.
  • Email is one of the most common and most successful attacks on the internet. Recent statistics cite up to 90% of successful attacks against businesses begin with a malicious email.
  • Cybercriminals using email to attack businesses are becoming more and more effective at evading detection – technology alone is only marginally effective at blocking these new email threats. It’s up to you!
  • If your team has not already begun a security awareness training campaign, I highly recommend you have the discussion with them right away.

Want to learn more about ways of making your organization better prepared and more secure? Please reach out to us at succeed@avenuinsights.com.

President Biden Visits Avenu’s New Orleans Sewerage & Water Board Client

For over 20 years, Avenu has been providing IT Managed Services to the Sewerage & Water Board of New Orleans (SWBNO). For this effort, we partner with a Disadvantaged Business Entity and together employ 43 staff members (23 Avenu employees).

New Orleans sits 20 feet below sea level and visitors are always astounded to be outside and look up to see a ship going down the Mississippi River. SWBNO holds the responsibility for providing drainage and sewerage facilities 24 hours a day, 365 days a year, where and when they are needed and for providing drinking water to thousands of homes in the city.

President Biden’s trip to New Orleans was to specifically tour SWBNO. Why? SWBNO has been using the same technology to drain the city since the 1910s. On 6 May, the President toured the SWBNO facility that houses the city’s century-old turbines – more than half of which are broken – that power a network of drainage pumps.

President Biden wanted to tour and highlight SWBNO as a prime example of a facility that is in dire need of modernizing its infrastructure. The President specifically named SWBNO in his $2.2 trillion proposal to revamp the nation’s infrastructure and replace major components of our facility.

It was in 2005 that Hurricane Katrina struck New Orleans, breaching the levees, which caused 80% of the city to be underwater and resulted in thousands of citizens losing their lives. According to SWBNO’s history, the impact of Hurricane Katrina devastated the board’s water, sewer, drainage and power generation systems.

Over 300 Sewerage & Water Board employees manned their stations at board facilities throughout the city during Hurricane Katrina and during the catastrophic flooding that followed. These Sewerage & Water Board ‘Katrina Heroes’ literally risked their lives and their personal safety to salvage and repair vital Sewerage & Water Board facilities and equipment that made it possible to dewater the city in only 11 days after the levee breaches were repaired.

Maintaining SWBNO’s infrastructure is critical.

When asked about the challenges of dealing with storms, Avenu’s Program Manager at SWBNO remarked, “I am so proud of the entire SWBNO team. Last year we had eight named storms and direct hits come through, which is an extraordinary amount for the team to deal with to keep the City safe. I am so grateful to lead and work with such a wonderful team. They are the best!”

CASE STUDY: A History of Partnership

How Avenu Built IT Solutions for the Digital Age

The digital transformation of government is an imperative today. Digital citizens increasingly demand the convenience and efficiency of digital services from their local governments. Paper processing, manual data entry and in-person bureaucracies hamper government’s ability to deliver best-in-class solutions that can keep up with the pace of modern life.

But digitizing and modernizing isn’t always easy. There’s a lot for local governments to process. To fully digitize their operations, governments need effective and secure IT infrastructure, as well as access to the expertise, resources and tools of dedicated IT specialists.

Since the 1990s, Monroe County, Pennsylvania, has sought to stay on top of the latest trends in digital government. But Monroe County didn’t want to be just one step ahead; they wanted to build a digital government that would last for the long term. To do so, they needed help. And Avenu was there to help them.

Avenu’s decades-long partnership with Monroe County has effected a total digital transformation of the county’s government.

Learn the steps taken to implement this transformation and enable Monroe County to be a leader into the future.
