WHY STATE AND LOCAL GOVERNMENTS ARE TARGETED
A 2020 International City/County Management Association (ICMA) report on local government cybersecurity identified five key reasons these governments are targeted:
- Number of local governments: There are 90,075 different local governments in the U.S., making it harder to produce and implement a unified public-sector cybersecurity strategy.
- Holders of sensitive information: Local and state governments store considerable amounts of sensitive personal information, such as names, addresses, driver's license numbers, credit card numbers, Social Security numbers and medical information. In addition, they store contractual, billing and financial information of the governments themselves. Obtaining personal information is a particular priority for cyber criminals using ransomware.
- Inadequate cybersecurity: The ICMA report found that local government systems usually aren't well defended, particularly in relation to federal government systems. The Institute for Security and Technology's report on combating ransomware recommends addressing this imbalance in cybersecurity in the government sector.
- Financial constraints: According to the global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), which surveyed over 500 cybersecurity professionals, it was reported by organizations that, “More than three-quarters said it was extremely or somewhat difficult to recruit and hire security professionals, but 38 percent said their organization doesn't offer competitive compensation, while 29 percent said their HR department doesn't understand the skills needed for cybersecurity and 25 percent said that job postings at their organization tended to be unrealistic.”
- Use of Internet of Things (IoT) technology: Local governments have adopted many of the benefits of IoT and smart cities technology by deploying Internet-connected devices to provide, monitor or manage services such as traffic lights, water meter reading, security cameras and solid waste collection. While these services benefit citizens, they also introduce new vulnerabilities and risks for local governments.
EXAMPLES OF CYBERSECURITY ATTACKS IN THE GOVERNMENT SECTOR
According to the Verizon 2021 Data Breach Investigations Report (DBIR), the public sector had the second most attacks after the entertainment industry. The 15th-anniversary edition of the DBIR is available May 24, 2022, sign up here.
Notably, the report treats education and health care as different sectors, some of which are also government operated. Examples of recent state and local public-sector cybersecurity attacks include:
- Some state and local government networks were compromised prior to U.S. Election Day in 2020.
- At least 2,323 local governments, schools and health-care providers were affected by ransomware in 2021.
- The Baltimore County Public Schools system was shut down by a ransomware attack that hit all its network systems, prompting two days of class cancellations for 115,000 students.
- Police and fire department systems were offline following cyber attacks across the country, including in Massachusetts, California and Washington, D.C.
- In Virginia, a ransomware attack shut down some of the Hampton Roads Sanitation District's business information systems.
COMMON PUBLIC-SECTOR CYBERSECURITY ATTACK METHODS
According to the 2021 DBIR, social engineering is the most common attack method in relation to cybersecurity in the government sector. In the 2021 DBIR, over 69 percent of breaches were due to social engineering, with phishing emails the most prominent vector. The report found that the public sector is particularly vulnerable to attackers who can craft a credible phishing email. Public-sector attackers were overwhelmingly interested in obtaining credentials, with 80 percent of incidents attempting to steal logins and passwords that would further the attacker's presence in the intended victim's network and systems.
After phishing, miscellaneous errors placed a distant second as a cause of public-sector cybersecurity incidents. Those errors consisted of misconfiguration and misdelivered emails and paper documents. Other critical threats to cybersecurity in the government sector include state-sponsored cyber attacks and improper internal usage of systems.
For the latest statistics and findings, download the 2022 DBIR here.
THE CHALLENGE OF FALSE POSITIVES
According to a 2021 Fastly report, about 45 percent of cybersecurity alerts are false positives. This can create an issue for public safety, as it's difficult to determine the difference between malicious and benign behavior. These alerts could also prompt false alarms, such as the cyber equivalent of the Hawaii missile alert, when in reality they may simply be a system or human failure.
Here are some tips on how to mitigate the number of false positives when it comes to cybersecurity in the government sector:
- Review each alert rule with as many eyes as possible, preferably security experts.
- Silently test rules whenever possible.
- Adapt alerts to handle special situations where abnormal traffic is expected.
- Modify alerts when false positives arise.
- Be as specific as possible with alerts, minimizing "any/any" type rules.
- Automate incident detection and response with artificial intelligence (AI).
- Be proactive with threat hunting as opposed to relying on known signatures.
HOW AUTOMATED SOLUTIONS CAN HELP PUBLIC-SECTOR CYBERSECURITY
Systems that automatically determine baseline network activity and detect anomalous behavior in a public-sector agency may be able to identify a leak in the system before it becomes a crisis. Hackers can exploit weak points in a network to steal valuable information, even if the attacker isn't located on the same physical network.
Learn more about Verizon's comprehensive approach to cybersecurity in the government sector.
The author of this content is a paid contributor for Verizon.
