Looking ahead at the good, the bad and the ugly
In our previous blog posts, we spent some time talking about what’s going on in cybersecurity for local governments today — the growing threats, the challenges of regulatory compliance and steps you can take to defend your city — but what about the future?
One theme that keeps rising to the top of the cybersecurity conversation is prevention. Planning ahead is vital; building playbooks to deal with natural disasters and other emergencies is common, and cybersecurity incidents should be no different.
Still, cyberthreats are always evolving, which makes long-term predictions challenging, though not impossible.
What do tomorrow’s cyberattacks look like?
Today’s attacks can give us insight into what might be happening tomorrow.
But first, a recap. Once upon a time, attackers had an almost single-minded focus on getting on a network and deploying malware or ransomware as quickly as possible, throwing out a demand for some arbitrary payment and hoping their victim wasn’t backing up their data.
Naturally, attackers had to step up their game. They started searching for the backups on a network to encrypt or steal them, too — but then the backups moved off the network. That’s when attackers really started getting creative.
They’ve also learned that a bit of network knowledge goes a long way. In some particularly scary instances, attackers have taken the time to gather intel on company balance sheets or bank transfers, learning how to duplicate them to improve their social engineering attempts. What’s more, understanding that utilities are part of our critical infrastructure means they can push for a greater ransom demand. In other words, they’re doing their homework, making ransom demands a little more digestible to maximize the payment they can extort from a victim.
These highly targeted and sophisticated attacks are only increasing in complexity. The exact technical details may vary, but by and large these cyber criminals are getting more thoughtful, patient and creative in the ways they advance their tradecraft and pursue their objective.
Continued challenges for local governments and utilities
So what does this mean for local governments and utilities?
Attacks on utilities are becoming so common that many CEOs believe it’s not a question of “if” an attack will target them, but “when.” Operational technology (OT) is becoming increasingly connected and digitized. This has allowed utilities and other government operations to uncover new efficiencies, but it also introduces new vulnerabilities. As a result, an attacker could patiently worm their way into critical infrastructure, threatening to switch it off or damage it.
Phishing and ransomware attacks aren’t just targeting data — they’re after operations now, too.
Threatening to interrupt operations or damage OT may be enough to get local governments to pay a ransom. The cost of operational downtime may be far greater than a ransom payment. This doesn’t mean that data backups are obsolete, however. Far from it: backups need backups that don’t connect to the internet.
Many of the internet-of-things (IoT) systems that local governments and utilities rely on were built or designed with the idea that they were closed systems — and that’s simply not the case. The supervisory control and data acquisition (SCADA) system used by utilities might now have an email server, creating a new pathway that wasn’t there before. Even with hardened defenses, the device was not designed with security in mind in the first place.
Planning ahead to prevent future attacks
But the biggest challenge, by far, is making the most of the resources available to local governments and utilities.
There is no denying the fact that cybersecurity can be costly, but as Ben Franklin once said, “An ounce of prevention is worth a pound of cure.” The cost of an attack far outweighs the cost of security investment.
Taking the time to plan ahead and build your incident response plan is vital. It requires buy-in from your staff and stakeholders, plus time and effort to ensure processes are ready to respond to an incident.
As daunting as that might seem, there are many frameworks and standards that local governments can follow to improve their security posture. Many of these guidelines focus on having continuous visibility into what’s going on in your IT network. Leveraging accepted cybersecurity frameworks can help you implement effective practices that will improve your security posture while giving you the visibility you need.
What’s more, implementing these frameworks can also help you build a culture of cybersecurity amongst your staff, helping minimize the likelihood of an attack. The biggest cybersecurity investments you can make are frequently in time, people and processes, ensuring everyone on your team is on the same page.
The solution? Partnering with third-party security providers
Working with third-party cybersecurity providers can take a lot of the frustration and guesswork out of the process.
But even this can be a challenge for some organizations. Facing a board, general manager or director of finance to justify expenses can be difficult — balancing budget limitations with the need for effective security is hard.
But at the same time, you don’t want to wait until a data breach has occurred. Finding a partner that can support you with 24/7/365 cyber-threat monitoring, detection and response can help you save on costs and make the very most of your security budget.
Opt for a holistic monitoring solution such as Covalence, which provides you with contextual alerting and actionable insights to help you spot and address threats early. By taking a proactive approach to how you monitor for, detect and respond to threats, you’ll be able to focus on implementing those effective practices that support ongoing compliance efforts.