Take a closer look at the growing threat landscape and learn how you can defend against attacks
“It does not do to leave a dragon out of your calculations if you live near one.” Wise words from J.R.R. Tolkien’s timeless novel The Hobbit, spoken by the wizard Gandalf, and surprisingly applicable to modern-day cybersecurity for local governments. In this context, the dragons living near you are cyberthreats — and they don’t play favorites.
What’s behind the increase in cyberattacks?
There are several reasons why cyberattacks against local governments are on the rise. Let’s take a closer look at the factors that make it harder to defend local governments.
Difficulty attracting and retaining talent
Limited talent is an issue facing organizations, governments, and companies in every sector and of every size. Attracting and retaining skilled employees with extensive cybersecurity knowledge is hard, especially at the municipal level, due to the cybertalent shortage across the public and private sectors. And because local governments may not have the budget for in-house cybersecurity expertise, it’s extremely difficult for them to compete with offers from larger organizations in the private sector.
Attackers know this and use this knowledge to attack the most vulnerable.
Cybersecurity roles and responsibilities also require specialized skills that come from years of on-the-job experience. While some of these skills can be learned in a classroom, cybersecurity professionals need practical experience to understand the mind of an attacker and their motivations, which will help them prevent attacks and respond to them faster and more effectively.
Expanding threat surfaces
The world is becoming increasingly digitized and connected, which means that the number of attackable elements in many organizations is growing. As more tools and technology are introduced to a network, this threat surface expands. Whether it’s tools for offering online services or IoT devices to streamline utility monitoring, the number of attackable points is expanding. Left unsecured or with minimal security, these tools can be easily breached and taken offline.
The pandemic is also a contributing factor. The rush to deploy new technologies, especially to a user base potentially unfamiliar with remote work tools, is a potential attack vector. Remember the early waves of Zoom bombings and concerns over password protection? The rush to remote work meant that staff had to adapt to a new reality on short notice. It led to a rise in security issues.
The cybercrime-as-a-service (CaaS) economy
Technology continues to evolve on both sides of the cybersecurity battle. Part of the increasing number of attacks can be attributed to the growing sophistication of the cybercrime-as-a-service (CaaS) black market. The tools used by cybercriminals are easier than ever to acquire, making it possible for even the most inexperienced hacker to easily stage an attack.
Who are the cyberattackers targeting municipalities and utilities?
In light of this growing number of attacks, understanding why criminals are motivated to attack local governments and utilities can help you build more effective defenses. Attackers know that utilities and other local government services are critical to the functioning of society – and they also know how to attack them to successfully extort money.
But beyond criminals, who are primarily motivated by financial gain, local governments are also in the crosshairs of state-sponsored actors.
State-sponsored actors are agents of national governments looking to steal state’s secrets or disrupt critical services. By comparison, most cybercriminals are far less discriminate. Their objectives are typically financially motivated and their methods opportunistic, especially compared to sponsored attacks. Unfortunately, utilities and local governments find themselves in the unenviable position of being targeted by both these attackers.
Have cybercriminals changed their tactics?
Technology is changing and evolving — as are the tactics cybercriminals employ. In the past, cybercriminals’ main tactic was to install ransomware on a network or device and extort a dollar figure anywhere from hundreds of thousands to millions. While ransomware remains a significant threat, it’s no longer the only tool attackers rely on.
Now, once they’ve accessed a network, threat actors will spend time gathering information or altering their tactics to increase the effectiveness of their attack. In the case of a local government, this could mean preventing access to operational technology, compared to a commercial organization or traditional office where attackers might target file servers or financial data.
There are threat actors that focus their efforts entirely on compromising networks before staging a major attack. Unfortunately, because of resource limitations and challenges with attracting and retaining talent, local governments are often seen as easy targets. Cybercriminals don’t want to spend a ton of time and effort getting past multiple locked doors. They want to find the target with a single lock.
But it’s not all bad news.
Defending against rising attacks
As easy as it might seem for an attacker to make significant impacts on a local government, there are easy steps you can take now to improve your defenses:
- Know your network: Knowing how your network and the devices that connect to it are configured can help you identify potential vulnerabilities early and close gaps in your security.
- Update and maintain software: Regularly patching and updating software is also very important. Patches and updates fix security flaws or bugs that could be compromised by an attacker, which is why staying on top of these updates is so vital for ongoing security success.
- Invest in employee education: Attackers target the weakest link, which is almost always the user on the other side of the screen. Training employees to use strong, effective passwords, practice good cyber hygiene habits, and foster a security-first culture are all easy steps any organization can take immediately.
The biggest step you can take to protect your network is through continuous monitoring. Cybersecurity solutions that continuously monitor your IT ecosystem, pinpoint the threats targeting your operations, and provide you with the information you need to respond quickly and easily are critical to ongoing protection.