Be Proactive Against Cyberattacks
April 06, 2020 by Meredith Trimble
It is estimated that most of the publicized ransomware attacks in the United States in the past year targeted local governments. Cities large and small are targets for new types of malware, new phishing tactics, and hackers who work around the clock to refine their techniques.
For public sector agencies, the ever-changing cyber threat landscape can seem daunting. Mitigating threats and securing an organization’s information is not just a job for already-stretched IT departments. Cybersecurity is everyone’s job. While elected and staff leaders work together to build strong cyber cultures, it’s useful to look at cities that are seeing success with easily replicable proactive measures.
Sunrise, Florida’s multi-level proactive defense strategy and State College, Pennsylvania’s 24/7 network monitoring illustrate smart ways to bolster security.
Defense Layers
Sunrise, Florida’s cybersecurity defense strategy has multiple layers. Teaching end users how to recognize fraud and follow best practices is key, and employees engage in security awareness trainings multiple times a year. “My goal is to do all that we can to be proactive in our efforts against cybercriminals,” said Laurie Gagner, information technology director at the City of Sunrise. “When it comes to protecting our city’s systems and data, I try to keep us off the radar as much as possible.” To this end, the city is also building a solid disaster recovery and business continuity plan, so it can recover and restore operations as soon as possible if necessary.
An essential part of Gagner’s strategy was to add a managed threat detection service to protect the city’s data. The service provides 24/7 log monitoring and threat hunting by cybersecurity experts who notify the city within minutes should a threat be found. “Having trusted humans monitoring our logs in real time is invaluable,” said Gagner. Already this year, monitoring detected a potential brute force attack on the city’s mail server. With early identification, the city contained the activity before it created any issues.
The service monitors the entire network and provides Gagner and her team with a valuable and detailed understanding of the city’s infrastructure. Information they receive on the daily reports and the system’s user portal enables them to proactively lock down areas of potential vulnerability.
Actionable Insight
State College, Pennsylvania, also enjoyed success with a third-party managed threat detection system that afforded them peace of mind without adding personnel. The city chose the service to monitor and analyze its network activity. “Their analysts have the expertise to translate our network activity and make it meaningful and actionable for us,” said Craig Bowser of the State College Information Technology Division, speaking of the service.
The service saves Bowser’s team time and effort by adding another layer of defense. If the city’s own systems miss something that could put State College at risk, there is comfort in knowing the service’s experts will track it down and notify Bowser’s team immediately.
An absence of malicious activity doesn’t mean the system isn’t working. Network monitoring teams, for example, once alerted Bowser that an entity was using a VPN to access the city’s network remotely from Aruba. Upon further investigation, it turned out to be an employee doing work while on vacation. It could have, however, been a much different situation, and knowing about it immediately helped officials avoid potentially dangerous outcomes.
In addition, increased insight into network traffic and user behavior helps IT staff be proactive in educating users so they don’t see the same issues repeatedly. This saves significant staff time.
Managed threat detection is one way to stay proactive and mitigate risk.