1. Is this the last we’ve seen of attacks on city governments?
Danny Owens (DO): No. City governments will continue to be targeted until they implement comprehensive security controls equal to and better than the threats they face.2. Why don’t organizations realize they’ve been breached?
DO: Today’s hackers are very good at covering their tracks. They also use tactics traditional security tools can’t detect. Effective detection tools need to be in place to identify an attack that is in progress or that has occurred.3. What should municipalities do if they know or believe they may have been breached or attacked?
DO: Report the incident to your qualified IT/Security personnel who should:- Immediately work to determine if a breach has occurred
- Stop the attack and minimize the damage
- Notify management who may then notify state or federal authorities
- Assess the damage and develop a recovery plan
- Perform a recovery if necessary and preserve any evidence related to the breach
4. Have any VersaTrust clients been impacted by these attacks?
DO: None of our municipal clients have been impacted in the latest attacks. One municipality recently had ransomware accidentally introduced from a phishing scam, however, our advanced endpoint protection software and Security Operations Center neutralized both threats before they could cause damage.5. What are some examples of how you protect your municipality clients?
DO: We strongly believe in a layered security approach for all of our clients. It’s also recommended by the U.S. Department of Defense and introduces multiple barriers to halt attackers. Security controls, like real-time scanning and advanced endpoint anti-malware protection are customized based on a client’s risk, requirements and budget. During employee training sessions we show your team what to watch for, so no one falls for a phishing scam or accidentally introduces malware to your network.We also synchronize local backups to a secure cloud server at least once every 24 hours to minimize data loss. A bulletproof backup is the only guarantee for recovery from data loss and ensures that ransom will never have to be considered as an option.
6. Should cities pay ransomware demands?
DO: Robust backups will prevent cities from being in a position where they consider paying a ransom request. If restoring from a backup is not an option, state or federal authorities should be involved in any decisions to be made regarding negotiating with the criminal.7. A CFO recently reached out to you for heightened security but had a limited budget. Which solutions did you recommend?
DO: The CFO wanted a backup solution with faster data recovery time and advanced antivirus software to guard against malware and ransomware. Due to budget constraints, they had to choose between implementing stronger anti-malware/DNS protection and the more effective backup solution.We recommended they add the backup solution first because recovering data is the highest priority after a breach. Then, additional protections can be implemented in a second phase when a budget is made available.
8. What are specific steps cities can take to prevent ransomware?
DO: Have an IT security expert conduct an assessment to determine areas where risks exist, like unsecure firewall configurations, no local backups, or lack of employee training. Then they’ll be able to:- Prioritize areas according to risk level
- Develop an action plan to reduce chances of exposure or breach
- Work with you to determine a budget, as needed
- Maintain a secure environment and prevent new threats from infiltrating the environment
- Perform ongoing assessments
