Because most state and local government agencies don’t have millions to spend on cybersecurity, they can be looked at as easy prey for cybercriminals. In this blog, we will discuss one of the top threats facing agencies like yours, what you should consider when creating your cybersecurity strategy, and how a partner like Internetwork Engineering (IE) can help.
Learning from their past news-making breach mistakes, large enterprises are enhancing their cybersecurity protection. Unfortunately, this is leading cybercriminals to go hunting for more vulnerable targets, like state and local government agencies.
Responsible for a wealth of personal information — from social security numbers to healthcare records — these agencies are perfect targets for even unsophisticated attacks. Why? The truth is, most state and local government agencies have limited budgets, outdated infrastructure, and lack of expertise, visibility and control.
In just the first 9 months of 2019, there were 621 ransomware attacks on a variety of public sector agencies, with more than 70 of those on state and local governments. From major metropolitan areas (like Baltimore and Atlanta) to small towns (such as Lake City and Riviera Beach, Florida) ransomware attacks are crippling agencies’ abilities to serve constituents and draining already limited resources.
Exploiting users’ technology illiteracy, phishing emails make up 91% of cyberattacks and are often the “open door” hackers use to infect systems with ransomware. With this kind of malicious success, ransomware is quickly becoming a $1 billion annual market. Is your agency prepared?
Once their data has been kidnapped, many agencies are choosing to pay the ransom for a quick resolution which only encourages more attacks later. Those who choose not to pay, can still spend more than $10 million in recovery costs for a single incident.
As part of National Cybersecurity month, we’ve put together a list of ways you can strengthen your cybersecurity posture and safeguard your agency from becoming a victim of a ransomware attack.
Building a tiered defense strategy is your best bet for blocking ransomware. An effective approach should include intercepting phishing emails, preventing your network from connecting to malicious sites, and covering all your endpoints.
If your network isn’t designed optimally, it can be harder to defend. Getting a network assessment helps you identify opportunities for improvement and gives you a comprehensive view into your network.
It’s wise to have a solid response plan should your systems be held hostage. An incidence response plan will help you quickly and effectively react to an attack, minimizing the chaos and damage.
If you don’t do regular upkeep with security upgrades and patches, you might as well just hand your network over to hackers. Patch management and monitoring can keep your system clean.
The greatest gap in your security isn’t technical, but your employees and contractors. Providing your staff with security awareness training will help them understand their role in stopping malicious attacks.
Though this may seem like another laundry list of things to fill your already overflowing schedule, you don’t have to do it all alone. With more than 20 years providing infrastructure and security expertise and part of the NC State 204x Contract list, we’re ready to help you with the right balance of people, process, and technology – right now!
As a Cisco Gold Partner, we can help you tailor and implement this 3-tier approach:
In addition, we can round out your cybersecurity strategy by:
Download our Incident Response eBook
Get a copy of Ransomware for Dummies
(it actually provides some great insight on ransomware!)
We’re here to help you keep your data, business, and reputation safe with security everywhere, any way. Contact our Cybersecurity team today to get started, or learn how we can help through the NC State 204x Contract.