Local Government Information Security Challenges in the 21st Century

Have you ever experienced a data breach, or been victim to a ransomware attack? For some organizations, they can say they have been lucky to avoid this. For others, the story is quite more horrifying. During my experiences as a consultant, for small to medium businesses, I have lived with this sad reality of customers losing data because of ransomware. I have seen the impact to their businesses and their ability to service their customers. As we bring on more technologies such as artificial intelligence (AI) and start to live out the reality of Internet of Things (IoT), the attack vector just gets larger and more sophisticated. Now more than ever, with more devices being connected to our business resources, the wider our security platform has to be extended.

In local government, there are many different services that are offered to the public and these services collect and maintain sensitive information. We are talking about criminal justice information, patient data, homeowner and land information data, credit card information, and many other different pieces of Personally Identifiable Information (PII). Many local government agencies have control of water supply systems, public safety services such as EMS, fire department and police services. These are all services that the community relies on for quality of life and safety. What if a cyber security attack would bring down these public safety services? What would that look like?

Let’s take a moment to briefly think about the widescale impact of such an attack. Let’s take a local city government for example. A receptionist opens a phishing email and a malicious payload is loaded on this receptionist’s computer. This malware reaches out to systems on the network and finds open vulnerabilities on servers on the network. Let’s say this attacker goes undetected for 14 days. During this time, the attacker manages to infiltrate your identity management services and creates a global administrative account, giving them full open access to the entire network. On day 15, people start to come into the office and the first thing they notice is that the phones are down, then they notice that they are not able to log into their computers. IT is called and they no longer have remote access to servers. IT then walks into the data center and notices that all systems are encrypted when they console into servers. What next? What would this look like in your environment? What services would be impacted? Where would you begin? How long would it take you to recover? Who would you have to contact?

" Be aware of the reality of modern day threats and your options for some basic security measures that can be easily and inexpensively implemented in small and medium businesses as well as local governments "

Attacks are getting more sophisticated. Attackers are now able to get into a network by sending us a phishing email and using social engineering to get access to our network. The days of trying to ‘hack’ or ‘crack’ routers and firewalls are really becoming outdated. Not to say that we shouldn’t patch our edge devices with security patches, but honestly most attacks come from other means. According to Cisco’s Cybersecurity Threat Trends report, data suggests that phishing accounts for around 90 percent of data breaches. What is even more scary, Verizon reports that of more than 79,000 breaches in 88 countries, approximately 60 percent of incidents were discovered within days, however, 20 percent could take months or more before organizations realized something was amiss. How long would you like a bad actor on your network? How much data could they gather in just an 8-hour shift?

Information security in the 21st century looks entirely different than it did ten years ago. Post COVID-19, we now have more than 15 billion IoT devices connected to the internet. Statista reports that by 2030 we will have 29.42 billion IoT devices connected to the internet. We now have more remote workers than ever before. IT security professionals used to have to worry about just their corporate buildings and corporateissued equipment such as a laptop and desktop computer. Now that landscape has been expanded to employees’ homes, the billions of devices that connect back to company data, and workers all over the world connecting to a countless number of public WiFi access points.

When it comes to government and a lot of small to medium businesses with a limited budget, how do we defend ourselves? What does this look like for those that cannot invest millions into securing every aspect of their network and those devices connected to the company data? The good news is there are some simple things that can be done that do not cost millions. 

Here is a list of some basic things that can be put in place to help protecting our networks and data:

● Have an information security incident response plan – This plan will help you identify critical components of your organization, and how to respond and recover from a cybersecurity incident.
● Have a good disaster recovery plan – When (not if) a cyber security attack happens, being able to recover your data and continue is very important. Having immutable backups are a must.
● Ensure that patching of edge devices, servers, workstations, IoT devices, and other network-connected devices are patched regularly with the most recent security patches – Security patches close known vulnerabilities. It is important to stay current with the latest security patches.
● Provide cybersecurity training to end users – This is very important, and I cannot stress this enough. Services provided by KnowBe4, InfoSec IQ, and others, provide your company with security awareness programs that help your end users identify phishing emails and bogus web sites. Remember 90% of breaches are due to a phishing attempt.
● Invest in next generation security tools – As security attacks have become more advanced, so have tools that we can use to defend against it. There are EDR and XDR malware detection tools provided by Cisco, Crowdstrike, SentinalOne, and many others that give you visibility into behaviors on your end devices and servers. Services from DarkTrace, Arctic Wolf and others provide monitoring of your network and end devices. These all look for patterns of behaviors and obscure activity. On the edge of your network, having a next generate firewall that monitors your traffic is a must in today’s world.

This is not a complete list that will guaranty protection of your network, but it is a list of items that will put a roadblock in front of bad actors and will not cause a business to go bankrupt. In fact, this is an investment and the protection of your data and customers’ information! Be aware of the reality of modern day threats and your options for some basic security measures that can be easily and inexpensively implemented in small and medium businesses as well as local governments.