Internetwork Engineering Blog

What Cybersecurity Means for State and Local Government Agencies

Written by Internetwork Engineering | October 23, 2019

Because most state and local government agencies don’t have millions to spend on cybersecurity, they can be looked at as easy prey for cybercriminals. In this blog, we will discuss one of the top threats facing agencies like yours, what you should consider when creating your cybersecurity strategy, and how a partner like Internetwork Engineering (IE) can help.

 

Ransomware: Holding Government Agencies Hostage

Learning from their past news-making breach mistakes, large enterprises are enhancing their cybersecurity protection. Unfortunately, this is leading cybercriminals to go hunting for more vulnerable targets, like state and local government agencies.

 

Responsible for a wealth of personal information — from social security numbers to healthcare records — these agencies are perfect targets for even unsophisticated attacks. Why? The truth is, most state and local government agencies have limited budgets, outdated infrastructure, and lack of expertise, visibility and control.

 

In just the first 9 months of 2019, there were 621 ransomware attacks on a variety of public sector agencies, with more than 70 of those on state and local governments. From major metropolitan areas (like Baltimore and Atlanta) to small towns (such as Lake City and Riviera Beach, Florida) ransomware attacks are crippling agencies’ abilities to serve constituents and draining already limited resources.

 

Exploiting users’ technology illiteracy, phishing emails make up 91% of cyberattacks and are often the “open door” hackers use to infect systems with ransomware. With this kind of malicious success, ransomware is quickly becoming a $1 billion annual market. Is your agency prepared?

 

Once their data has been kidnapped, many agencies are choosing to pay the ransom for a quick resolution which only encourages more attacks later. Those who choose not to pay, can still spend more than $10 million in recovery costs for a single incident.

 

Our Recommendations on Piecing Together a Prevention Plan for Ransomware

As part of National Cybersecurity month, we’ve put together a list of ways you can strengthen your cybersecurity posture and safeguard your agency from becoming a victim of a ransomware attack.

 

  • Build a Layered Approach

Building a tiered defense strategy is your best bet for blocking ransomware. An effective approach should include intercepting phishing emails, preventing your network from connecting to malicious sites, and covering all your endpoints.

 

  • Know Your Network

If your network isn’t designed optimally, it can be harder to defend. Getting a network assessment helps you identify opportunities for improvement and gives you a comprehensive view into your network.

 

  • Be Ready to Respond to an Attack

It’s wise to have a solid response plan should your systems be held hostage. An incidence response plan will help you quickly and effectively react to an attack, minimizing the chaos and damage.

 

  • Practice Good Cyber-hygiene

If you don’t do regular upkeep with security upgrades and patches, you might as well just hand your network over to hackers. Patch management and monitoring can keep your system clean.

 

  • Create Employee and Contractor Awareness

The greatest gap in your security isn’t technical, but your employees and contractors. Providing your staff with security awareness training will help them understand their role in stopping malicious attacks.

 

Need Help? Rely on a Partner like IE

Though this may seem like another laundry list of things to fill your already overflowing schedule, you don’t have to do it all alone. With more than 20 years providing infrastructure and security expertise and part of the NC State 204x Contract list, we’re ready to help you with the right balance of people, process, and technology – right now!

 

As a Cisco Gold Partner, we can help you tailor and implement this 3-tier approach:

  • Cisco Email Security with Advanced Malware Protection (AMP) to intercept spam and phishing emails, along with malicious email attachments and URLs
  • Cisco AMP for Endpoints to block ransomware files from opening on endpoints
  • Cisco Umbrella to prevent devices from connecting to malicious sites hosting ransomware

 

In addition, we can round out your cybersecurity strategy by:

  • Conducting a network assessment, giving you greater visibility into your network
  • Helping you create an incidence response plan so you’re prepared before anything happens
  • Performing regular upgrades and patches, ensuring your software is up-to-date with the latest protection
  • Providing security awareness training to empower your team’s response to attacks

 

Continue your Cybersecurity Awareness and Education

Download our Incident Response eBook

 

 

 

 

 

Get a copy of Ransomware for Dummies

(it actually provides some great insight on ransomware!)

 

We’re here to help you keep your data, business, and reputation safe with security everywhere, any way. Contact our Cybersecurity team today to get started, or learn how we can help through the NC State 204x Contract.