City and state governments are increasingly feeling the heat from cyber attacks. Ransomware attacks on federal and state entities, healthcare providers and educational institutions cost an estimated $7.5 billion in 2019.
Despite a slight downward trend at the beginning of 2020, the number of cyber attacks on local governments – especially in the form of ransomware – is on the rise again. During the first two quarters of 2020, at least 60 government entities, including several police departments, were impacted by ransomware. Multiple cities have been forced to shut down their IT networks, health and human services and other agencies due to ransomware attacks.
Ransomware can also carry hefty indirect costs in the form of lost productivity and operational downtime, which has drawn the attention of the Federal Bureau of Investigation (FBI). In addition, the European Union’s law enforcement agency, Europol, called ransomware the “most widespread and financially damaging form of cyber attack.”
As more details come out on all these attacks, the real focus should be on what lessons can be learned. Ask yourself a couple of questions. Are you doing enough to protect yourself from a cybersecurity standpoint? If not, what steps do you need to take to get there?
Why Are Organizations So Vulnerable?
If an organization or agency doesn’t have properly patched systems or a vulnerability management program, it usually means they don’t have the budget, the staff or both. While that’s an easy concept to understand, implementing a fix isn’t always as simple.
For example, many organizations still haven’t addressed the critical EternalBlue vulnerability, which is still used in multiple ransomware attacks to gain network access. This is despite it being in the news and a patch being available for over three years.
Organizations have had several years to install one critical patch – and they haven’t. This patch alone can save hundreds of thousands of dollars in remediation costs or ransoms. The cost of one high-profile cyber attack is now estimated at $18.2 million. Around $4.6 million is tied to direct costs from the incident.
Many state and local governments still have computers and other devices that are susceptible to EternalBlue, so it’s no surprise public sector targets continue to remain vulnerable.
Finding the right balance between security and operations is tough. It’s a battle that IT and cybersecurity professionals find themselves fighting all the time. This means the balance is usually skewed towards operations and keeping customers and citizens happy. This model works until there’s a high-profile, damaging incident that drastically tips the scale.
Should You Pay the Ransom?
The government says you shouldn’t because you’re supporting the criminals. Security experts warn that paying the ransom doesn’t mean you’ll regain access to your files and data. In many cases, organizations have been left locked out of their files and systems even after paying the ransom.
For purposes of internal discussion and planning, though, the option of paying the ransom should be left on the table and factored into your risk calculation. It’s worth having a discussion about this with your team before a crisis hits to determine your threshold for risk and how you would handle an attack like this.
If and when you do regain access to your systems, don’t just sweep a ransomware attack under the rug. You must still follow through with the proper steps after the fact – a cyber hunt or compromise assessment, remediation and disaster recovery. The good news is, you’ll have less remediation to do if you’ve regained access quickly and operations have continued pretty much as normal. If you have aging infrastructure that needs to be replaced, this could also be an opportunity to get resources for necessary upgrades.
How Can You Make Sure You’re Protected?
Ransomware attacks are not going away. According to one recent report, 17 percent of cyber attacks last year involved malware and 27 percent of malware incidents were ransomware. Since simply giving up isn’t an option, what can you do?
- Get a Vulnerability Assessment: If you haven’t had a vulnerability assessment in the past two years, consider getting one immediately. Vulnerability assessments look for known weaknesses and security flaws in a variety of systems like servers and workstations, desktops, laptops, mobile devices, firewalls, routers and cloud-based environments. It should be done by a third-party security expert who can help you figure out what needs to be patched first. Think of it as someone else checking your blind spots.
- Implement a Vulnerability Management Program: This is basic maintenance that goes a long way to improve your cyber hygiene. It also boosts your resilience to malicious actors. The bare minimum is having antivirus protection on your endpoints, but it’s in your best interest to have next-generation endpoint management and protection. Endpoint security is a crucial part of protecting your organization or business from cyber threats like ransomware, and traditional endpoint security tools have blind spots. At the very least, scan your systems and manually patch the critical vulnerabilities.
- Stay Informed: Part of keeping a balance between cybersecurity and operations is keeping up with the changing cybersecurity landscape. There are several ways you can stay up to date:
  - Get current threat information and participate in cybersecurity events through Information Security and Analysis Centers (ISACs).
  - Check out the Security Bloggers Network for hundreds of blogs to follow and sign up for their handy RSS feed.
So, how do you effectively advocate for resources to prevent cyber attacks in an era of tight or decreasing budgets? How can you convincingly present your case to non-IT decision makers? Cybersecurity explanations are anything but simple, but high-profile and costly ransomware cases can help you make your case.
A good risk and vulnerability assessment can also help you seal the deal. When Motorola Solutions conducts an assessment, we tailor our recommendations to support your needs. The goal is to improve your cybersecurity, not to punish the people working to keep your systems secure. Findings from our assessments are framed constructively and will help you justify funding for cybersecurity priorities.
We can help you prepare for and respond to ransomware attacks. To learn more, download our Risk Assessment Services Solution Brief. To chat with one of our Cybersecurity sales professionals, visit our Cybersecurity web site today.