Ransomware attacks affected at least 948 U.S. government entities in 2019 and cost local and state governments over $18 billion in 2020. These agencies are prime targets for cyberattacks. Their dispersed nature, the complexity of their networks, the vast amounts of valuable personal data they process and store, and their limited budget prevent them from staying current with the latest best practices.
Strengthening your defense starts with understanding the top reasons why threat actors choose to target state and local governments. Then, implement the latest technologies and best practices to protect your organization from attacks.
Reason 1: The Vast Number of Local and State Government Agencies
There are 89,004 local governments in the U.S., plus numerous special districts and school districts. That equates to 2.85 million civilian federal employees and 18.83 million state and local government employees — each representing a potential target for threat actors.
Since it takes only one person to click on one malicious link or attachment to infect the entire system with ransomware, the large number of people who have access to sensitive data makes government entities prime targets for social engineering attacks.
Moreover, the dispersed nature of these networks makes it extremely challenging for government agencies to gain visibility of all the data and activities. When one agency suffers an attack, there are no procedures or methods to alert others, coordinate incident response plans, or prevent the same attack from happening to other entities.
Reason 2: These Agencies Process Valuable Personal Information
How much personal data have you shared with state and local government agencies? Somewhere in their dispersed systems reside your social security number, home addresses, phone numbers, driver’s license information, health records, etc. The information is attractive to cybercriminals because they can sell it on the dark web or use it for identity theft.
Many of these agencies also hire contractors and sub-contractors to handle their computer systems or process user data. The more people with access to the data, the larger the attack surface — creating more opportunities for supply chain attacks where criminals target less secure vendors to infiltrate their systems.
Without the know-how or resources to partition their data or implement access control, many government agencies leave their door wide open for criminals to access their entire database. All malicious actors have to do is target one of the many people who can access any part of their systems.
Reason 3: They Can’t Afford Security Experts and Advanced Tools
Almost 50 percent of local governments say their IT policies and procedures don’t align with industry best practices. One major hurdle is that they don’t have the budget to offer wages that can compete with the private sector and a workplace culture to attract and retain qualified IT and cybersecurity professionals.
Meanwhile, cybercriminals are evolving their attack methods at breakneck speed. Organizations must adopt cutting-edge cybersecurity software to monitor their systems and detect intrusions. Unfortunately, the cost of these advanced tools is out of reach for many government entities due to their limited budgets.
Moreover, political considerations and bureaucracy further hamstring these organizations. The slow speed of many governmental and funding approval processes makes preparing for and responding to fast-changing cybersecurity threats even more challenging.
Reason 4: IoT Adoption Complicates the Picture
From smart building technology and digital signage to trash collection and snow removal, Internet of Things (IoT) tools, mobile devices, and smart technologies play an increasingly vital role in the day-to-day operations of local governments.
While these technologies help promote cost-efficiency and sustainability, they also increase the attack surface and give hackers more opportunities to breach a local government’s systems and networks — if it fails to implement the appropriate security measures.
Unfortunately, many agencies jump into buying new technologies without implementing proper security protocols. Not all agencies require IoT devices to perform their functions. You should therefore balance the cost and benefits, along with the security implications, to make the right decisions.
How Government Agencies Can Protect Themselves Against Cyberattacks
An ounce of prevention is worth a pound of cure. The most cost-effective way to avoid the high costs of ransomware attacks and data breaches is to follow the latest cybersecurity best practices. Here’s what state and local governments should implement to stay safe:
- Complete visibility into your entire IT infrastructure to provide a comprehensive view into all the possible hybrid network access points to understand what’s connected to your network and what data and files are most at risk. This way, you can prioritize your data security resources.
- Intrusion detection and prevention systems (IDS and IPS) protect your wired and wireless networks by identifying and mitigating threats (e.g., malware, spyware, viruses, worms), suspicious activities, and policy violations.
- A mobile device management (MDM) solution allows administrators to monitor and configure the security settings of all devices connected to your network. Admins can also manage the network from a centralized location to support remote working and the use of mobile and IoT devices.
- Access control protocols support a zero-trust policy to ensure that only compliant devices and approved personnel can access network assets through consistent authentication and authorization, such as multi-factor authentication (MFA) and digital certificates.
- Strong spam filters and email security solutions protect end users from phishing messages and authenticate all inbound emails to fence off social engineering scams.
- Cybersecurity awareness training for all employees and contractors helps build a security-first culture and makes cybersecurity a shared responsibility, which is particularly critical for fending off social engineering and phishing attacks.
- A backup and disaster recovery plan protects agencies against data loss and ransomware attacks by ensuring operations don’t grind to a halt even if you suffer an attack.
Final Thoughts: Managing the Many Moving Parts of Cybersecurity
Cybersecurity is an ongoing endeavor, and it starts with building a solid foundation and knowing what and who is in your systems.
You must map your networks, take inventory of every device, and know where all your data is (including the cloud) to gain a bird’s-eye view of what your security strategy must address. Next, assess your security posture, evaluate your network against your policies, and prioritize resources to address the highest-risk vulnerabilities. Also, you must continuously monitor network activities and potential attack paths to achieve constant visibility, prioritize your efforts, and meet compliance standards.
State and local governments worldwide trust RedSeal to help them build digital resilience. Request a demo to see how we can help you gain visibility of all network environments to jumpstart your cybersecurity journey.