Just about a year ago, the technology world was on fire thanks to the chaos that revolved around a fast-moving cryptocurrency-focused ransomware attack called WannaCry. If it wasn’t for the accidental discovery of a hidden URL-based “kill-switch” that stopped more than 200,000 global infections from taking place, the damage could have been far worse. Many felt that the low “ransom” amount of about $300 in cryptocurrency value was a prelude to something bigger. Now, entire cities are appearing in the cyber crosshairs of hackers who believe governments are easy prey for ransomware attacks. Exploits continue to ravage government systems as this appears to be the dawn of a dangerous era.
Attack: Atlanta
On March 22, 2018, the city of Atlanta became the most recent major city government affected by a ransomware attack. It took down at least five of the city’s local government departments, crippling communications, utilities, and the court system. The attack even forced the police department to paper-based procedures for some time. Although ransomware attacks date back more than a decade, the threat continues to grow. The state of Colorado and the city of Baltimore were recently impacted, in addition to many recent attacks against small cities across the United States.
The data trends suggest that this plague will continue to proliferate. There are many challenges that face city-based information technology departments. Issues such as limited resources, politically driven budgeting, soft security missions, the hindrance of legacy technologies, and more affect the ability to create the best possible security posture. Further, many cities are in the midst of incorporating new technologies such as Big Data, analytics, and mobility to perform services better. Many projects await adoption and they aim to improve traffic issues, improve revenue, reduce emergency and procedural response times, and other modernizing efforts. With so many moving pieces and a spectrum of attack surfaces, it is little wonder that many state and city technology operations may not have an optimal security structure in place.
New security influences
It can be a challenge in any organization to keep cybersecurity in the continual stream of awareness and as a priority. To keep the security ship sailing, strong leadership, mature security processes, and clear vision are among the necessary components. Elements are aligning to turn the tide in response to these continually rising security threats.
Real FUD
Even if you don’t know the acronym, you know what FUD is (fear, uncertainty, doubt). The FUD ploy appears far too often and certain cynics will often label security scenarios that way. After all the alarm-sounding, all the fear — a security meltdown situation actually happened to Atlanta. The lessons of Atlanta and the significant financial impact of this event are bound to echo for some time. The facts are staggering:
- Initial damage costs reportedly hit $2.7 million, the cost of bringing in eight firms to help the city gain control of their systems.
- Another $9.5 million in damages have now been reported.
- The city admitted that during the attack, more than a third of Atlanta’s 424 vital programs were offline or disabled.
- The City Attorney’s office lost access to a decade of documents, losing control of 71 out of 77 systems.
- 30 percent of the systems lost were vital police force and court system applications.
- Atlanta’s police department lost all its dash-cam video recordings in the attack.
There are countless warnings about these doomsday scenarios. Ransomware attacks are becoming very specific and very focused on certain industries. It is also getting easier to launch ransomware attacks as evidenced by readily available “Ransomware as a Service” (RaaS) threats. The requirements for attack don’t even include technical skills. It’s up for rent.
Tools for defense
You can safely bet that many more organizations will now be eating that FUD. Nobody wants to be next, but what does it take to really make necessary changes to avoid being next? Here are some tools city can employ now.
Leadership
Organizations need the leadership and vision of an individual or a team of security champions in order to drive toward better security. Keep on top of the industry, watching for emerging threats, keeping on top of the strategies and technology options. Shift the organization into gear to be as prepared as possible for a potential and in some cases inevitable cyber event.
Prevention
When technologies lack a driving foundation of principles, processes, and fail-safe actions, increased possibility for failure is the result. It’s important to enable technology to keep watch over threats, architect or update security policies and procedures, create decisive control measures, and have a planned, practiced response for situations. Finally, heightened visibility is critical in preventing ransomware attacks, making it essential to maintain, audit, and routinely validate health and intrusion notifications.
Cloud services
Many organizations have embraced multicloud solutions, including mission-critical services built with security and performance in mind. Specialized cloud solutions providers offer valuable enhanced security services. These services include monitoring for anomalies, detecting privilege escalations, persistent attack protections, transport and resting encryption, and other security features. Many of these features would be expensive or difficult for individual clients to self-implement and maintain. Because of these available services, many organizations that use the cloud are in a better security position than many that use in-house infrastructures.
A number of cloud-based security firewalls provide protection for public, private, and integrated cloud infrastructures. Fortinet, Barracuda, and Checkpoint make really amazing products. This is a competitive field of products that protect against malware infections, intrusions, zero-day threats, and more.
Windows on active defense
The overall enterprise security conversation has shifted from passive defensive schemes to active defensive postures. Microsoft and its Windows operating system have served as the unfortunate goat in many security situations over the years. Hackers have long targeted its wide business and personal user base, while critics and pundits alike have called for security improvements.
Microsoft has responded. It has tightened updates, increased protections, implemented operating system protections, and it has invested more than $1 billion per year in security efforts over the last several years. Today’s Windows platform has an intelligent built-in security approach integrated into the overall Windows experience. Windows and Microsoft systems help to increase vigilance, improve incident response times through the desktop, the main vector that malware uses to infiltrate an organization in the first place.
In many environments, Azure and Office 365 have entered the picture. First of all, Azure’s native cloud and hybrid-connected services are well-protected from DDoS, intrusion detection, and other perimeter threats. As we unlock layers of integrations, the security capabilities become increasingly compelling. Features like data loss prevention (DLP), classification of protected data, mobile management, data separation, global data tagging, dual-factor authentication, and conditional access control provide easily implemented advantages. Another powerful technology known as Windows Defender System Guard limits devices so that only trusted apps will run on a given system.
The point is organizations need to modernize their desktops and their infrastructure. Look at Windows XP for example. Windows XP launched in 2001 and became a completely unsupported platform in 2014. That means no more updates and no more patches (with a couple of exceptions). According to a 2017 Netmarketshare report, there are still about 140 million computers running Windows XP. Tsk, Tsk. That same year, Spiceworks found that just about half of businesses are running at least one instance of XP. Through the course of my profession, I still find Windows NT Server systems in the wild, much of it in legacy environments. That stuff has got to go and the stuff that can make for better protection has got to come in.
Take action to prevent ransomware attacks
When simple technologies are available to address security issues, there is little excuse to sit and wait. Many great security options today tackle the various ransomware issues in different ways. Other tools are cloud-first in nature and provide better security than what a typical organization can create themselves. Further, the Windows system itself has evolved into a responsible, actionable platform.
The adage that you cannot hack-proof everything may ultimately be true, but you can drive toward being ultimately prepared for ransomware attacks. To make a security transformation, figure out your best path, open the doors, call security missions to action, and prepare for threats.
Featured image: Flickr / Chuck Koehler / Pixabay
