The steps municipalities can take to prepare for rising cyberattacks
Cyberattacks are on the rise across all industries, but the history of the public sector’s weaker protections makes it an increasingly attractive target for cybercriminals with costly consequences. IBM asserts the toll of each cybersecurity incident in the public sector averages a substantial $2.6 million. In addition, according to the 2023 Verizon DBIR, Public Administration was the leader in the total number of incidents and the total number of breaches last year.
Cyberattacks can have detrimental impacts on government agencies and officials. Municipal services such as water supply, emergency services, public transportation and waste management rely heavily on interconnected digital systems. Cyberattacks like ransomware can disrupt these services, causing inconvenience and potential safety issues for residents.
In addition, municipalities handle a vast amount of sensitive data, including residents’ personal information, financial records and infrastructure details. Breaches can lead to privacy concerns, identity theft and potential misuse of confidential information.
There is a lot on the line regarding protecting municipalities’ data. Fortunately, with the right planning, monitoring, configuration and precautions, municipalities can help avoid these repercussions and defend themselves against debilitating data breaches.
Steps municipalities can take to prevent cyberattacks
There are several steps municipalities can take to prepare for and prevent cyberattacks. By implementing these best practices, municipalities can ensure they have the utmost security to defend against bad actors and keep sensitive information safe.
Embrace Asset Management
Having solid asset management processes, policies and technologies in place is crucial for addressing information security incidents and preventing organizational damage. While it is one of the most difficult verticals to cover, an environment cannot be fully protected without proper asset management. It is impossible to protect unknown assets, which can be a significant disadvantage in troubleshooting or investigating security incidents. The asset management burden becomes manageable with the correct organization and security controls in place.
Embrace the principles of classification, organization, automation and continuous monitoring to maintain an up-to-date and accurate inventory. By consolidating information about endpoints and infrastructure devices, you'll facilitate short-term troubleshooting and make informed decisions for long-term planning and procurement. Successful asset management is not a one-time project but a continuous improvement and adaptation cycle.
Manage and Monitor Access
As a subset of asset management, IAM (Identity and Access Management) deserves a hard look, because it is a large weak spot in many organizations. One of this sector's top problems is malicious actions from internal actors, which appear in 30 percent of reported breaches.
IAM has a handful of best practices generally:
- Least Privilege: This is the concept of granting users and endpoints (collectively called an identity or entity) access only to the applications, endpoints, files, etc., to which they need access and nothing more. A major component of zero trust is taking the least privilege concept (along with all other IAM practices) and adding context and risk calculations to each separate piece of access.
- Centralization: Centralized authentication streamlines access management, particularly through Single Sign-on (SSO). It mitigates concerns about high-privilege users by ensuring a comprehensive log-off process, minimizing the risk of overlooking access points. SSO enables users to use a single access token for multiple systems, enhancing security through reduced password inputs.
- Removal of unwanted or unneeded assets: Early implementation of robust security practices, such as regularly removing unused accounts, software/hardware upgrades and effective vendor management, is essential. Maintaining a streamlined approach reduces the defense and security workload by minimizing unnecessary items. In municipal contexts, where reliance on vendors is common, thorough vendor management is critical for cybersecurity. Assessing vendors' cybersecurity practices through due diligence helps identify and mitigate potential risks, ensuring the selection of vendors with strong security measures.
- Password and MFA implementation: In the current digital landscape, relying solely on passwords for security is insufficient. With the prevalence of password-cracking tools, data breaches and the challenge of managing multiple credentials, the need for additional measures is evident. Multi-factor authentication (MFA) goes beyond passwords, offering a crucial layer of defense against unauthorized access. Recognizing the limitations of passwords and embracing MFA is integral to a comprehensive security strategy in the face of evolving cyber threats. Despite the increasing availability of MFA in various services, its full implementation is often lacking in enterprise environments. Many companies adopt MFA only reactively, typically after a significant breach. For example, the JPMorgan Chase data breach resulted from the security team's failure to implement additional authentication safeguards on its systems.
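As an added illustration of the asset inventory and IAM hygiene points above (example code, not from the original article or from Blumira): a small Python audit over constructed sample data that flags network hosts missing from the asset inventory, accounts with no recent login, group memberships beyond what a role needs, and privileged accounts without MFA. The host names, accounts, roles, group names and the 90-day stale threshold are all assumptions.

```python
from datetime import date, timedelta

# Constructed sample data for illustration only; not real municipal records.
INVENTORY = {"ws-clerk-01", "ws-clerk-02", "srv-gis-01", "plc-water-01"}   # approved asset list
OBSERVED = {"ws-clerk-01", "srv-gis-01", "plc-water-01", "laptop-unknown-7"}  # hosts seen by a scan/EDR
ROLE_GROUPS = {"clerk": {"clerks"}, "sysadmin": {"clerks", "domain-admins"}}  # least-privilege baseline
PRIVILEGED_GROUPS = {"domain-admins"}
ACCOUNTS = [
    {"user": "jdoe", "role": "clerk", "groups": {"clerks"},
     "last_login": date(2024, 6, 1), "mfa": True},
    {"user": "rsmith", "role": "clerk", "groups": {"clerks", "domain-admins"},
     "last_login": date(2024, 5, 20), "mfa": False},
    {"user": "vendor-hvac", "role": "clerk", "groups": {"clerks"},
     "last_login": date(2023, 11, 2), "mfa": False},
    {"user": "admin-kim", "role": "sysadmin", "groups": {"clerks", "domain-admins"},
     "last_login": date(2024, 6, 3), "mfa": True},
]

def unknown_assets(inventory, observed):
    """Hosts on the network that nobody inventoried: you cannot protect what you do not know about."""
    return sorted(observed - inventory)

def missing_assets(inventory, observed):
    """Inventoried hosts that were not seen: decommissioned, offline, or the inventory is stale."""
    return sorted(inventory - observed)

def audit_accounts(accounts, today, stale_days=90):
    """Return (user, finding) pairs: stale logins, groups beyond the role, privileged users lacking MFA."""
    cutoff = today - timedelta(days=stale_days)
    findings = []
    for acct in accounts:
        user = acct["user"]
        if acct["last_login"] < cutoff:
            findings.append((user, "stale: no login in %d days" % stale_days))
        extra = acct["groups"] - ROLE_GROUPS[acct["role"]]
        if extra:
            findings.append((user, "excess privilege: " + ",".join(sorted(extra))))
        if acct["groups"] & PRIVILEGED_GROUPS and not acct["mfa"]:
            findings.append((user, "privileged account without MFA"))
    return findings

def report(today=date(2024, 6, 10)):
    """Run both checks against the constructed data as of a fixed (assumed) review date."""
    return {"unknown": unknown_assets(INVENTORY, OBSERVED),
            "missing": missing_assets(INVENTORY, OBSERVED),
            "accounts": audit_accounts(ACCOUNTS, today)}
if __name__ == "__main__":
    for key, items in report().items():
        print(key, items)
```

In practice the two input sets would come from the municipality's CMDB or directory export and from a scanner or EDR console, and the audit would be scheduled rather than run by hand, which is what the continuous-monitoring point above calls for.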
Tabletop Exercises and IR Playbooks
A tabletop exercise is a meeting of key stakeholders and staff who walk step by step through mitigating some type of disaster, malfunction, attack or other emergency in a low-stress situation. Tabletop exercises are composed of several key groups or members.
During a tabletop exercise, a moderator or facilitator should deliver the scenario to be played out. This moderator can answer “what if” questions about the imaginary emergency, lead discussion, pull in additional resources and control the pace of the exercise. The entire purpose of tabletops is to find the weaknesses in current processes to mitigate them before an actual incident.
A member of the exercise should also evaluate the overall performance of the exercise, as well as create an after-action report. This evaluator should take meticulous notes and follow along with any runbook to ensure accuracy. While the evaluator will be the main notetaker, other groups and individuals may have specific knowledge and understanding of situations. In this case, having each member provide the evaluator with her own notes at the conclusion of the tabletop is a good step.
Participants make up the majority of this exercise. Included should be groups such as finance, HR, legal, security (both physical and information), management, marketing and any other key department that may be required. Participants should be willing to engage in the conversation, challenge themselves and others politely and work within the parameters of the exercise.
What to include in the tabletop exercise:
- A handout to participants with the scenario and room for notes.
- Current runbook of how security situations are handled.
- Any policy and procedure manuals.
- List of tools and external services.
Post-exercise actions and questions:
- What went well?
- What could have gone better?
- Are any services or processes missing that would have improved resolution time or accuracy?
- Are any steps unneeded or irrelevant?
- Identify and document issues for corrective action.
Implementation Starts Now
Municipalities have a lot at stake in protecting their information from cyberattacks. As cyber threats against municipalities continue to rise, agencies must take precautions to defend against hackers and outside threats. By doing so, they can protect sensitive data and continue operations as usual.
Amanda Berlin is lead incident detection engineer at Blumira where she leads the development of new detections for the Blumira platform, based on threat intelligence and research. An accomplished author, speaker, and podcaster, Amanda is known for her ability to communicate complex technical concepts in a way that is accessible and engaging for audiences of all backgrounds. She co-authored an O’Reilly Media book Defensive Security Handbook: Best Practices for Securing Infrastructure, a comprehensive guide for starting an infosec program from the ground up.