Imagine walking into work on a Friday morning – with the weekend just one more workday away – and finding that your computer systems and data aren’t accessible. That was the reality for more than 20 cities and government agencies in Texas this past August. The culprit? A ransomware attack designed to keep users out of their systems and away from their data until a payment was made.
This wasn’t an isolated incident – although many government employees and IT professionals wish it was. This July, a state of emergency was declared in Louisiana when school systems across three of the state’s parishes were hit with a coordinated ransomware attack. In June, Lake City and Riviera Beach in Florida were each forced to pay hundred of thousands of dollars to ransom their data and computer networks back from bad actors.
It’s safe to say that ransomware attacks are increasing in frequency. And, for cash-strapped state and local governments, the cost to get access back to their own computer systems and data could be too much to bear.
Despite these more frequent attacks, the Public Technology Institute reported last year that only 35% of local government had put a “strategic cybersecurity plan” in place, although a much higher percentage had some form of security program from vulnerability monitoring to training for employees.
Governments have legal and societal responsibilities to citizens, putting extreme pressure on them to protect confidential data. On top of that, for cash-and resource strapped agencies, the time and costs involved in recovering systems and data are tremendous.
The impacts to public trust along with the loss of sensitive personal data and the effect on both essential and non-essential services have put a spotlight on precariousness of the situation. Legacy systems are still the backbone of many state and local systems, while government interactions are increasingly taking place online. As the number of endpoints into the systems multiplies, so do the risks, especially since the platforms—laptops, desktops, mobile and IoT devices—used to access the systems likely have wildly varying levels of security.
One crucial factor in preparing a cyber-defense strategy: information.
Knowing Your Adversary Can Give You a Critical Advantage
Accurate details on global trends, analysis of real-world events, and details on most-used threat vectors can give you the insights to better fortify your enterprise. The 2019 CrowdStrike® Global Threat Report is designed to do just that, but providing analysis, statistics, and case studies, along with recommendations on how to better protect your data resources and your people.
The Report looks at data gathered by CrowdStrike’s incident response, intelligence gathering and threat hunting teams to provide a comprehensive view of the cyber-risk landscape, including the tactics, techniques and procedures (TTPs) used by attackers worldwide. Key metrics include “breakout time,” a measure of the speed with which an intrusion spreads throughout an enterprise. Of note, state actors’ attacks are shown to spread significantly more quickly than those of eCrime organizations.
Also, in the report: where threats originate, such as nation-states that target both internal dissidents and foreign countries for both political and economic gain; the growing sophistication and cooperative strategies of cyber-criminals; and the continuing growth of ransomware attacks, where technology makes it easier to target vulnerable organizations for potentially huge payoffs.
Knowing what kinds of TTPs are prevalent—and the “how, when, and who” behind those attacks — are crucial to helping CISOs decide where to focus resources.