Across the country more than 140 municipalities, police departments and hospitals have fallen victim to ransomware attacks so far this year. Texas, where 22 public institutions have been infected by malware and held hostage, has been far from immune.
In this case study review, we share how the Defense in Depth network security solution we installed helped the City of Richland Hills avoid two potentially debilitating cyberattacks.
The City of Richland Hills is a municipality of 8,000 residents located in Tarrant County, Texas. The city employs 110 full- and part-time employees. The Richland Hills Police Department is required to comply with stringent information technology regulations from the Criminal Justice Information Systems (CJIS), the Texas Department of Public Safety and the FBI.
VersaTrust’s relationship with Richland Hills began in 2014 when we entered an open bidding process to provide managed IT services. Since then, we’ve managed their IT infrastructure and helped them maintain CJIS compliance.
Several years into our relationship with Richland Hills, the city manager decided to take a proactive, preventative approach to IT security. He asked VersaTrust to participate in another competitive bidding process — to provide security services.
While the competition offered one-size-fits-all packages, no matter the cost point, VersaTrust designed a package that provides layered security to the city’s network and fits their budget. The city approved our solution and we became their managed security service provider.
The security solution we designed for Richland Hills is a Defense in Depth approach that borrows from advanced Department of Defense (DoD) methodology and tactics. In Defense in Depth, we create an infrastructure that deploys multiple barriers, rather than a single perimeter, to prevent, detect, quarantine and eliminate cyberthreats.
Defense in Depth
Traditional antivirus programs and firewalls are insufficient on their own to protect against modern, dynamic hacking tactics. Most hacks originate through some form of phishing attack in which an employee opens the door to an attacker by clicking a link or opening an attachment.
While there’s no substitute for employee training on cybersecurity best practices, Defense in Depth involves monitoring the network and individual workstations to detect the kind of abnormal behavior that signals a breach.
The City of Richland Hills suffered two breaches – each the result of employees falling victim to phishing attacks. In both cases, Defense in Depth performed optimally and prevented catastrophe.
Breach #1: Ransomware introduced through a link
Issue: Richland Hills’s first hack occurred when an employee clicked an email link from an unknown sender. The link downloaded ransomware, infected the workstation and attempted to spread across the network.
Response: Because the employee actively, if accidentally, introduced the infection, the hack bypassed the robust antivirus tools and firewalls that we installed. Our Defense in Depth response then took over.
Our Security Operations Center (SOC), which monitors our clients’ systems 24×7, detected unusual activity on the network within moments. In real time we identified the ransomware’s origin and shut down the culprit system.
Breach #2: Password stealer infection from a fake PDF
Issue: The second breach took the form of Emotet, a password stealer that jumps from one workstation to another. It was packaged and disguised as a fake invoice attached as a PDF to an email. The city official opened the attachment, even though he did not recognize the sender, and Emotet began deciphering passwords.
Response: Once again, our SOC detected unusual activity before Richland Hills employees felt the symptoms of the attack. We quarantined the password stealer and froze the compromised accounts. Meanwhile, the city’s other employees continued working unaffected while we repaired the damage.
The Richland Hills city manager appreciates our Defense in Depth solution first and foremost because it keeps their computers free of adware and malware, which improves performance and lengthens the intervals between hardware upgrades and new computer purchases.
Having suffered two of the most common breaches that can hamstring an organization, Richland Hills has first-hand experience to prove that Defense in Depth identifies and immediately responds to a hack before negative consequences are felt. Moreover, in the aftermath of these breaches, Richland Hills engaged VersaTrust to provide employee training across the city’s workforce. Such training has now become mandatory for municipalities in Texas.
Whatever your industry and unique set of circumstances, a multilayered approach is essential to securing your business in today’s complex cyberthreat environment. Reach out to us (817-595-0111 or email) for more information today.