Cities Are Under Attack. Here’s Why.
Greenville, North Carolina. Imperial County, California. Stuart, Florida. Cincinnati, Ohio. These are just a handful of cities and counties across the U.S. that have experienced crippling cyber attacks in recent months.
In 2019, local governments across the country have become the focus of attacks and face a growing threat of cyber attacks and escalating ransom demands. Indeed, ransomware is a pandemic in the United States, and hackers are increasingly going after larger targets instead of focusing on home computers, like most did five years ago.
[You may also like: Cities Paying Ransom: What Does It Mean for Taxpayers?]
The Vulnerabilities
Generally speaking, cities and municipalities are less prepared than companies to mitigate cyber attacks, due to limited resources and difficulty competing for cybersecurity talent. They are also increasingly reliant on technology to deliver city services. This, combined with aging computer systems, enlarges their attack surfaces.
And attackers are also getting more savvy. Per CSO Online, “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”
Why Cities and Municipalities?
Whether attacks on cities are increasing or merely just coming more to light now, it’s clear that they’re attractive targets for attackers.
This rationale is reinforced in Radware’s 2018-2019 Global Application & Network Security Report. According to the report, 52% of cyberattacks were motivated by financial or ransom purposes, far outpacing any other attack motivation. What’s more, government (cities and municipalities) are key targets, with 45% of government organizations being attacked on a daily or weekly basis.
[You may also like: How Cyberattacks Directly Impact Your Brand]
Simply put, the combination of constrained resources, data- and information-rich environments, countered by increasing automated attacks and attack types make cities and municipalities a high-value target for cyber criminals.
There’s no denying that in cities and municipalities, the pressure is on. Securing the constituent experience against cyberattacks is no longer just the responsibility of the IT department. Agencies need to implement security strategies–in every process and program–as if their very survival depends on them.
It only takes one data breach to compromise and expose constituent personal information or hobble critical services such as emergency response, public safety, air travel and more.
Recommendations
While it’s impossible to eliminate every risk or neutralize every threat, there are practical and minimal effort controls every city and municipality should consider. And tools alone don’t provide complete protection; a truly secure experience involves expert resources (threat intelligence), flexible deployment (cloud service), and agility or ease of use (fully managed).
[You may also like: Here’s How You Can Better Mitigate a Cyberattack]
When choosing the right security partner, which is critical for cities and municipalities, consider the following:
- Evaluate protection for all web applications. Look for always-on and fully-managed services to protect both on-premise and cloud-based applications.
- Evaluate risk from new DDoS attack types. Many organizations rely on their ISP and firewalls to detect and mitigate DDoS attacks. But DDoS attacks are growing and targeting applications, and application attacks are rarely detected by ISPs.
- Evaluate firewall DDoS protection. Attacks can fill state tables and bring down your firewall.
The attack trends will persist in the foreseeable future, and all signs point to financial motivation gaining, thereby pushing attackers to try to profit from malicious malware. Of particular concern is the possibility of hackers investing their profits to leverage machine-learning capabilities to find ways to access and exploit resources in networks and applications.