Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.
The glow of the holiday season may still be with us — but the part about goodwill toward all has not resonated with cybercriminals, who continue to menace municipalities with ransomware and other attacks.
The threats got up close and personal for many New Orleans residents in 2023 when the mayor’s office announced that the names, addresses, Social Security numbers, birth dates, and other sensitive information of just about every resident with a state-issued driver’s license, ID, or car registration were likely exposed, thanks to a hack directed at the Louisiana Office of Motor Vehicles.
It was one more reminder that municipalities are a favorite target for bad actors, thanks to the large amounts of valuable information that local governments typically gather.
Unfortunately, many municipalities lack the funding and staff to build adequate defenses against cyberattacks. They often run on antiquated systems with outdated security technologies and practices, while their integrated systems typically include thousands of “smart” devices — each of which represents a possible entry point for threat actors seeking to acquire data or disrupt critical operations.
Local governments, however, can work with a cybersecurity solutions provider to implement key defenses. A first step may involve a cybersecurity risk assessment, in which an organization’s security systems and practices are examined to identify vulnerabilities. Such a risk assessment is also valuable in determining ways to update an organization’s overall cybersecurity strategy.
Another key step involves implementing a “zero-trust architecture,” in which every request to access the municipality’s network is subject to automated digital verification. Such an approach should be paired with the principle of least privilege, where users are granted only the minimum access necessary to complete the task at hand.
Network segmentation, or dividing the network into smaller segments based on risk levels or business needs, can also help organizations limit the exposure of critical assets. Segmentation also reduces the impact of a security breach by preventing attackers from moving laterally through the network.
Patch management is another critical component of cyber safety. Applying security patches to software and firmware quickly to close vulnerabilities can help to keep attackers out, but it can be tricky for a municipality with high numbers of devices and applications to execute this important step. Automating patching processes will help, although when legacy systems are involved, segmentation and limiting connectivity may also be necessary.
A security information and event management (SIEM) component is a cybersecurity layer that collects and tracks information or data. It serves as a warning that hackers or other cybercriminals are probing the organization, enabling agencies and their cybersecurity partners to detect and respond to threats in a faster, more efficient manner. Then, a well-designed, scalable security operations center (SOC) service will integrate real-time automated monitoring with 24x7x365 human expert analysis of critical infrastructure device logs. Using industry best practices, SOC response teams initiate threat mitigation and remediation either remotely or on-site, providing managed detection and response (MDR) that proactively protects against ransomware and other threats.
And because human error plays a significant role in the vast majority of security breaches, engaging in periodic security awareness training, targeted to specific job roles, can also help to enhance the safety of a municipality’s systems.
Finally, an effective backup and recovery strategy — which includes creating multiple copies of essential data, capturing endpoints, automation, and regular testing — will help a municipality to resist ransomware demands, and to quickly recover from an otherwise potentially crippling attack.
Experienced municipal cybersecurity experts understand the unique security challenges local governments face, and can work with municipal administrators and others to develop a security strategy that delivers enhanced protection and recovery capabilities, along with improved efficiency, while remaining within budget boundaries.