Earlier this year Hollywood Presbyterian Medical Center in Los Angeles was targeted in a ransomware attack. State and local law enforcement agencies and public healthcare facilities continue to remain vulnerable to ransomware attacks. The danger is real, but understanding what these threats are and how to prevent them is still difficult for many governments.
James Scott, Senior Fellow at the Institute for Critical Infrastructure Technology (ICIT), sat down with Emily Jarvis on GovLoop’s State and Local Spotlight to discuss why state and local governments are vulnerable to these types of attacks.
Ransomware allows outside actors to infect a computer or system and, then, hold a person (or organization) hostage until some sort of payment is made to the actor(s). “Ransomware is weaponized encryption,” Scott explained.
“It is dangerous because anybody can do it,” Scott said. “And it’s unique among cybercrime, because in order for the attack to be successful it requires the victim to become a willing accomplice- after the fact.”
But, why are state and local law enforcement agencies and public healthcare facilities among the most vulnerable?
These types of organizations continue to fall short of basic cyber hygiene.
Scott explained that state and local governments “possess bureaucratic siloes that host unique inter-organizational political systems. Each of these systems within the organization possesses, within themselves, a whole universe of vulnerabilities that can be abused.”
Additionally, they have not done more to integrate other key players in the cybersecurity mix. The IT team simply cannot support and manage all areas of IT, procurement, and cybersecurity. “Organizations now need to implement an information security team that does nothing but cybersecurity,” Scott said.
Lastly, state and local law enforcement agencies and public healthcare facilities deal with a lot of sensitive data-on a daily basis. And in an environment where employees are overworked, they “might not thing twice before clicking on something,” Scott pointed out.
So, what can these organizations do to better defend themselves?
“It is important to realize that there are mitigation strategies even if you can’t keep a breach from happening,” Scott said. “A layer of defense it the only viable defense.”
As such, Scott recommended the following:
First, bring in qualified cybersecurity professionals to work within your organization. “This is paramount,” Scott emphasized. These professionals will educate the organization’s staff on what various cyberattacks look like and how you can detect them. Then, they can implement routine risk analysis and penetration testing to help create effective policies and procedures to assist the organization moving forward.
For example, they can begin to enlist encryption for information that is both in transit and/or stationary to better protect the sensitive data employees utilize. However, the federal government also needs to play a role in enforcing these cybersecurity measures.
“There must be a renaissance in cybersecurity in this country that promotes cyber hygiene and a security-centric corporate culture that continuously reinforces these measures through organizational and social pressures,” Scott stated. Luckily, this is happening in government. Scott mentioned one area in which he is seeing progress. The Senate and the House are having discussions on how to better secure medical devices that are attached to a hospital’s IOT surface. Therefore, they are also looking at how to make more security-centric medical devices where cybersecurity is part of the development and lifecycle of the device.
If you wish to attend ICIT’s Critical Infrastructure Forum: Resiliency & Enablement, on 25 April, please click here. However, if you cannot make the event, but would like to read more about ICIT’s work on ransomware and cybersecurity, please click here.