In 2018, state and local government CISOs faced a barrage of cyberattacks, and 2019 is bringing more of the same. Ransomware attacks against government agencies were particularly damaging, with the Emotet attack against municipal systems in Allentown, PA, the SamSam attack on the Colorado Department of Transportation as well as the City of Atlanta, GA, and the WannaCry attacks on Connecticut state systems, to name just a few.
Still, the Public Technology Institute reported last year that only 35% of local governments had put a “strategic cybersecurity plan” in place, although a much higher percentage had some form of security program, ranging from vulnerability monitoring to training for employees.
Governments have legal and societal responsibilities to citizens, putting extreme pressure on them to protect confidential data. On top of that, for cash- and resource-strapped agencies, the time and costs involved in recovering systems and data are tremendous.
The impacts to public trust, along with the loss of sensitive personal data and the effect on both essential and non-essential services, have put a spotlight on the precariousness of the situation. Legacy systems are still the backbone of many state and local systems, while government interactions are increasingly taking place online. As the number of endpoints into the systems multiplies, so do the risks, especially since the platforms (laptops, desktops, mobile and IoT devices) used to access the systems likely have wildly varying levels of security.
One crucial factor in preparing a cyber-defense strategy: information.
Knowing Your Adversary Can Give You a Critical Advantage
Accurate details on global trends, analysis of real-world events, and details on most-used threat vectors can give you the insights to better fortify your enterprise. The 2019 CrowdStrike® Global Threat Report is designed to do just that, by providing analysis, statistics, and case studies, along with recommendations on how to better protect your data resources and your people.
The Report looks at data gathered by CrowdStrike’s incident response, intelligence gathering and threat hunting teams to provide a comprehensive view of the cyber-risk landscape, including the tactics, techniques and procedures (TTPs) used by attackers worldwide. Key metrics include “breakout time,” a measure of the speed with which an intrusion spreads throughout an enterprise. Of note, state actors’ attacks are shown to spread significantly more quickly than those of eCrime organizations.
Also in the report: where threats originate, such as nation-states that target both internal dissidents and foreign countries for both political and economic gain; the growing sophistication and cooperative strategies of cyber-criminals; and the continuing growth of ransomware attacks, where technology makes it easier to target vulnerable organizations for potentially huge payoffs.
Knowing what kinds of TTPs are prevalent, and the “how, when, and who” behind those attacks, is crucial to helping CISOs decide where to focus resources. To download a copy of the 2019 CrowdStrike® Global Threat Report, click here.