The COVID-19 pandemic has emphasized the precarious nature of the world. And it has reinforced local government's role in keeping society safe. But the pandemic's first year has also revealed new challenges and threats—mounting cyber attacks on municipalities threatened to cripple critical infrastructure and emergency response capabilities during an ongoing crisis.
A cyber risk mitigation plan is essential in a world increasingly reliant on digital infrastructure. But what should it include, and how can municipalities design a plan that’s effective?
Security risk mitigation strategies in a changing world
Given the high stakes, a cyber risk mitigation plan must sit at the heart of every well-run public safety department. The COVID-19 pandemic has driven digital acceleration, but it has also exposed organizations to more threats. Three major factors affect how effectively public safety teams can manage risk.
- Budget. Serving the public is getting more expensive for municipalities. Some 70% of public sector organizations said that the public's expectation for increased online services puts tremendous pressure on their budgets.
- Leadership. A decision-maker who understands the strategic importance of a cyber risk mitigation strategy is invaluable. But too many leaders still see security as a cost center and a block on innovation.
- The threat landscape. Attacks on local government continue to grow, putting key services at risk of interruption and data at risk of compromise. Distributed denial-of-service (DDoS) attacks on educational and municipal websites surged in 2020 as the COVID-19 pandemic shifted seemingly everything online. And over the past two years, 39 states have reported at least one municipality affected by ransomware.
Public safety departments are arguably even more exposed today than they were before COVID-19, largely because the mass shift to remote work and widespread adoption of cloud and digital services have expanded the attack surface. And though little can be done about the threat landscape, leadership and budgets, you can influence where money gets spent.
Building a cyber risk mitigation strategy
Two basic pillars are at the heart of every effective cyber risk mitigation plan: building organizational cyber resilience through enhanced security practices and improving threat detection and response. Each will help minimize the effect of a serious attack on your organization and the people it serves.
Building cyber resilience
By putting the right people, processes and technology controls in place, you can close many of the gaps often exploited in cyber attacks, such as unpatched software vulnerabilities, exposed Remote Desktop Protocol (RDP) services and other common ransomware attack vectors.
A resilient cyber risk mitigation strategy is multifaceted and includes:
- Perimeter defenses, such as network firewalls, web proxies, content checks and web filters, can block access to malicious domains.
- Automated patch management keeps critical operating systems and software up to date. Risk-based approaches can help organizations dynamically prioritize which systems and software to patch first.
- User access controls limit insider threats and stymie attackers using hijacked credentials. Applying the principle of least privilege will help lock down unauthorized access.
- Password management, to ensure that every credential is unique and strong. Enable risk-based multi-factor authentication where possible.
- User training and awareness, to build a strong defense against phishing and reduce the risk of human error. Misdelivered emails and cloud misconfiguration were the top error varieties in public sector breaches in 2020.
- Secure system configuration, for closing security gaps and preventing data leaks and ransomware attacks.
- DDoS mitigation, delivered through cloud-based protection services, can block traffic from suspicious IP addresses.
As important as it is to make these checks in your organization, it is also vital to vet your suppliers, as supply chain attacks are an increasingly popular way to attack government targets.
Enhancing threat detection and response
Adhering to best practices will build the resilience to repel many low-intensity attacks. But determined attackers will still find ways to slip past perimeter defenses.
It is critical to optimize your organization's ability to detect and rapidly respond to malicious activity inside your network. On average, it takes 280 days to identify and contain a breach. That's more than long enough for an attacker to steal sensitive data or deploy crippling ransomware.
The security operations center is at the heart of these efforts. Whether yours is in-house or outsourced, it should focus on:
- Optimizing threat intelligence from a vast network of telemetry points to identify known and unknown threats
- Prioritizing threat response using machine-learning algorithms
- Enabling round-the-clock detection and response service for always-on automated traffic analysis and threat containment
How managed services can help
Managed security services can help your department improve cyber resilience. But they come into their own in threat detection and response—to mitigate attacks that could severely disrupt service and lead to data loss.
Supercharge your cyber risk mitigation strategy with a managed security operations center, security information and event management partner or incident response service, which can deliver:
- Deeper threat insight accrued from a broad customer base
- Cost and resource savings, which would otherwise have been spent on hiring, training and retaining talent (which can be difficult, given global cyber skills shortages)
- Round-the-clock threat environment monitoring and effective alert prioritization
- Personalized service tailored to your organization's specifications
- Economies of scale to keep costs down
Learn how Verizon solutions can offer your data and systems round-the-clock threat protection.