2020 has been a year of headlines. Between the pandemic, the election cycle, and natural disasters, risk has felt more unpredictable than ever. One headline that many missed came prior to the presidential election. Cyber criminals were quietly targeting public entities as a means of disrupting the voting process. As cyber attacks become part of the cycle of foreign tensions, public entities are often on the front lines.
Another emerging cyber risk for public entities is political activism. Activists who disagree with a newly passed ordinance or with actions taken by a public entity will attempt a cyber attack to shut down that entity's systems as a political act. These activists may not be looking for any type of payment, but are using a cyber shutdown as part of a strategy of political activism.
The most prevalent method of cyber attack against public entities has been phishing email. Phishing emails may not be new in their format, but the damage they are doing is all too real for many public entities. Many high-profile ransomware incidents were found to have come through a phishing email that duped an employee. The ransomware then shows up as a denial-of-service attack, encrypted data, or servers that have been shut down. A ransom is then demanded, typically in the form of cryptocurrency.
Many organizations are falling victim to these crimes, but public entities face additional pressure not to pay the ransom as the criminals are often overseas – frequently in OFAC-restricted countries. Cities are faced with large price tags for digital forensic vendors, employee overtime, the costs to recreate or restore many years of data, and sometimes replacing computer equipment. These bills are often in the tens of millions, and create headaches for citizens who may need to pay a bill or file important paperwork. Some have even had disruptions in public safety services or utilities.
What’s especially frustrating during these outages is that these incidents are highly preventable.
Here are three tips to help public entities manage ransomware exposures:
Train employees – there are a number of resources to help employees spot a fraudulent email, determine the validity of links, and understand document best practices.
Use email scanning software – this can often stop a phishing email before it gets into the hands of an employee. The algorithms not only scan for suspicious content, but check the links and the attachments as well.
Create and update an incident response plan – an incident response plan allows for a quicker response in the event of a ransomware attack. A good plan will determine who needs to be involved, what roles everyone plays, when to involve insurance, and what vendors are available for use.
One last tip – don’t forget about proper cyber insurance. Many public entities spent millions of dollars on breaches when a comprehensive cyber insurance policy would have responded. Your M3 Account Executive can help you understand the benefits of a policy.