Being hit with ransomware isn’t a one in a million possibility any more. It is jurisdiction size and location agnostic. It does not differentiate by state or population.
Yesterday, Riviera Beach, a city in Florida outside of Miami, agreed to pay $600,000 in ransom to computer hackers who took over their computer software. According to an article by CBS News, “the hackers apparently got into the city’s system when an employee clicked on an email link that allowed them to upload malware. The city had numerous problems, including losing its email system and 911 dispatchers not being able to enter calls into the computer.” This resulted in the police and fire departments of Riviera Beach having to write down 911 calls on paper (CNN).
Most ransomware attacks are through malicious downloads or email phishing scams. Though you may think these dangerous scams would be easily noticeable, they often present themselves as trustworthy websites or known email senders.
This attack in Florida is not an isolated incident. So far this year, there have been more than 20 public-sector attacks, not counting those aren’t reported until months or years later (CNN). Notable cities that have fallen victim to ransomware include Atlanta, Albany, N.Y., Newark, N.J., Sarasota, Fla., Baltimore, Md., Greenville, N.C., and so many more. According to The Cybersecurity and Infrastructure Security Agency (CISA), ransomware is the fastest growing malware threat.
You may be asking yourself, “how can I ensure my jurisdiction is ransomware resilient?”
To begin, Jeff Gaynor, Retired U.S. Army Colonel and President of American Resilience, LLC, suggests asking yourself “what’s important to you and how long can you go without it?” From there, identify your jurisdiction’s priorities and proactively develop a cyber resiliency plan. Being reactive after an attack puts you and your jurisdiction in danger of having to pay hackers a large sum in ransom, losing valuable information, or suffering a devastating privacy breach.
One way to offset and avoid these attacks is by leaving outdated legacy software in the past. If your jurisdiction’s software was implemented in 1999, how do you expect it to mitigate security breaches that didn’t even exist when your software was originally created? Nearly 50% local governments said their cybersecurity technology, practices and policies were one generation or more behind best practices, according to a 2016 cybersecurity survey conducted by the International City/County Management Association (ICMA).
In today’s technological landscape, communities can no longer just have defense strategies; they must be proactive to prevent ransomware attacks and data breaches. The cost of letting cybersecurity fall through the cracks is too high.
The answer is true-cloud technology.
In the Federal Cloud Smart Strategy-Cloud Smart released in October 2018, Suzette Kent, Federal Chief Information Officer, states “Cloud Smart embraces best practices from both the federal government and the private sector, ensuring agencies have capability to leverage leading solutions to better serve agency mission, drive improved citizen services and increase cyber security.”
The federal government believes cloud usage in government has been clearly proven to cut costs, improve security and implement solutions faster. Local governments across the U.S. should fall in line with this initiative and assess their own infrastructure’s efficiency and resiliency.
“Over the past six months I have interviewed many public-sector CIOs, CISOs as well as private-sector technology leaders, and they have all highlighted the importance of new cloud architectures,” said Dan Lohrmann of Government Technology. “It seems that everyone has a special emphasis on cloud security efforts.”
Leading cloud provider Oracle states that “IT leaders are migrating their applications and data to the cloud in order to benefit from security features offered by some cloud providers. The key is to choose the right technology—one that is designed to protect users, enhance safeguarding of data, and better address requirements under privacy laws.”
GovSense is the first true-cloud software designed specifically for local government. The GovSense software solution provides enterprise-class data management, security and availability that helps ensure your jurisdiction is resilient to security breaches. This includes disaster recovery, offsite backups, hot backups, redundancy, fully guarded premises, managed physical access and continuous security monitoring.
If you don’t want your jurisdiction’s name to be the next one plastered across news publications nationwide for being yet another community hit by ransomware, it’s time to make a change.