State and Local Government Cybersecurity

It’s no surprise that government municipalities are attractive targets for cybercrime. 

Financial constraints and small IT teams, combined with the fact that municipalities perform a number of sensitive operations such as law enforcement, create a perfect storm of opportunity for threat actors to deploy ransomware and other malware and to carry out other malicious activity.

In fact, 44% of local governments reported that they were under attack daily or hourly, according to an ICMA study. 

Securing Local Government Networks and Citizen Data

With budgets and IT teams both stretched thin, city and county municipalities must still stay ahead of cyberattacks to prevent disruptions to critical infrastructure. When a cybersecurity incident hits a state or local government agency, it can affect medical treatment, leak citizen and police data, and violate compliance regulations like CJIS and IRS Pub 1075.

Time to security is more critical than ever to quickly detect and contain threats.

With Blumira’s cloud detection and response platform, you can get up and running faster than any other security solution — using your existing team and infrastructure. Get comprehensive security coverage in minutes for your entire IT environment to rapidly detect and stop attacks.

Blumira Free SIEM is an approved CISA free tool to help organizations mature their cybersecurity risk management. Get your free account to secure your Microsoft 365, Google Workspace, and more in minutes.


High Cost of Ransomware For State & Local Governments

In 2020 alone, 2,400 U.S.-based governments, healthcare facilities and schools fell victim to ransomware (Bluevoyant). A ransomware attack against the city of New Orleans resulted in the disruption of municipal and traffic court operations, access to electronic health records and their homeless outreach program — which was far more costly than an initial investment in security solutions.

“The attack will cost the City over $7 million to fix but might have been prevented by investing in cybersecurity tools beforehand.” – Rep. Cedric Richmond, D-La.

Cybersecurity Challenges For State & Local Governments

IT teams in the public sector must deal with budgetary constraints, administrative politics, and a whole lot of red tape. Attackers view state and local governments as extremely easy targets for the following reasons:

  • Their infrastructure is often out of date or running legacy tech that cannot be easily updated or patched for the latest vulnerabilities.
  • It often isn’t hardened against basic attacker tactics or techniques.
  • Due to limited resources and smaller IT teams, they may also not have the security expertise in-house to know what to focus on, or how to respond to a security incident.

Limited budgets. Evaluating a government entity’s tech budget is a complex process fraught with public scrutiny, which leaves most IT leaders in local government operating on a shoestring budget. Over half of state governments, for example, don’t have a separate cybersecurity budget, according to NASCIO. Federal government programs like the American Rescue Plan help to address some of those barriers, but one-time grants often don’t address the ongoing costs associated with good cybersecurity hygiene, including regular software upgrades, end user training and network monitoring. Grants don’t address the reality of the situation, either: ad hoc attempts to “fix” cybersecurity in response to one emergency address only that one-off issue rather than producing lasting solutions.

Staffing concerns. When it comes to cybersecurity in government, there are also staffing hurdles to overcome. Over half (53%) of governments said that an insufficient number of IT staff is a severe or somewhat severe hurdle, according to the ICMA/Microsoft study. It’s common, for example, for IT staff within local government to have many responsibilities, from server maintenance and infrastructure upgrades to resolving helpdesk and support tickets. In fact, only 1% of local governments have a stand-alone cybersecurity department, according to an ICMA/University of Maryland, Baltimore County study. 

Plus, lower budgets make it difficult to hire and retain cybersecurity talent without a competitive salary to offer. Over half (53.8%) of local governments said that an inability to incentivize talent with competitive salaries was a severe or somewhat severe barrier for cybersecurity, according to an ICMA study.  

There’s also increased pressure on cities to become “smart cities” by introducing connected devices like water meters, traffic sensors, body cameras and more. Not only do these IoT devices create more data that IT leaders must store and manage, but they also increase the attack surface available to adversaries.

Don’t have the budget to implement more expensive security tools? Blumira’s free edition gives you visibility into your Microsoft 365 environment in minutes. Get your free account today.

Sensitive data. Speaking of data, the sensitivity of the data that governments store also contributes to their vulnerability to attacks. Local governments store significant amounts of personally identifiable information (PII) for their citizens, as well as financial information on the government agencies themselves.

Leaking that sensitive data can have catastrophic consequences. When the D.C. Police Department suffered a ransomware attack in May 2021, for example, ransomware actors released files for hundreds of police officers dating back to 2004, which contained embarrassing private details including their past drug use, finances and even past sexual abuse.

Ransomware attacks against state and local governments have risen 50% since 2017, with the average ransom demand at nearly half a million (Bluevoyant).

Cybersecurity Best Practices for Government Institutions 

Securing a government agency can seem like a daunting task — especially as IT leaders in government juggle so many different priorities. But for government IT leaders, the consequences are dire. The City of Baltimore was just one example of what happens when governments don’t prioritize cybersecurity. The city was hit twice with ransomware, once in 2018 and once in 2019. The 2018 attack alone cost the city an estimated $18 million. 

There are some best practices that IT teams in government can follow, even with limited budgets and staff:

Prioritize end user training. IT and security teams should know about ransomware warning signs, but so should end users. Nearly 30% of government agencies said they never conduct end-user training. Failure to train and educate users often points to a broader issue — a lack of security culture throughout an agency. That, combined with the fact that human error is the starting point for many cyberattacks, means that government agencies should make training more of a priority. 

At a minimum, IT and security teams should inform staff about how to spot a phishing email. More formal security awareness training is even better, but an informal chat about what a phishing email can look like and what to do is a good first step.

Deploy Sysmon. When it comes to preventing ransomware, it’s important to have visibility into an environment. Endpoint detection and response (EDR) tools can achieve that, but they can also be expensive and out of the question for local government institutions with limited budgets. System Monitor (Sysmon for short) is a free Microsoft utility that small IT teams can use to get visibility into their environments. Sysmon is part of the Sysinternals software package and provides a higher level of event monitoring than the standard Windows logs. It records events such as network connections, process creations, file hashes, and changes to the Windows Registry. 

IT leaders without the budget for an EDR solution should deploy Sysmon for enhanced logging that can provide a wealth of data about endpoints. Since Sysmon is free, it does require more care and feeding than a plug-and-play paid tool. IT admins need to deploy updates as they are released and make configuration changes as necessary, but those tasks generally fall under the umbrella of standard patch management. It’s relatively easy to install and configure Sysmon in a few steps.

Implement threat detection and response. Using Sysmon and a centralized log management tool will provide some visibility into an environment and help with alerting, but small IT and security teams need to know how to respond to those alerts. A threat detection and response solution alerts IT and security teams to suspicious behavior that is indicative of a ransomware attack.

How Local Governments Can Detect Cyberattacks With Blumira

Blumira offers an all-in-one solution that local governments can leverage, no matter what size team or level of security expertise. Blumira’s platform enables you to detect and respond to threats to prevent a ransomware attack and data breach:


Monitor and detect real threats:

  • Deploy in minutes and hours, not weeks or months – Blumira is 5x faster to fully implement than other security solutions, increasing your time to security*
  • Get meaningful, high-value alerts on real threats to reduce false positives and alert fatigue for your small teams so they know what to prioritize
  • Gain comprehensive visibility with third-party integrations across cloud, on-premises and cross-platform; and track trends with security reports

Common security issues seen in state and local government:

  • Password spraying – A type of brute-force attack that attackers use to gain initial access into a local government’s systems. Blumira detects it.
  • RDP connections – Remote Desktop Protocol is often misconfigured to allow public IP access from the internet, which can result in ransomware. Blumira notifies you of any external attempts to connect via RDP to your network to protect against attacker exploitation.
  • Lateral movement – Attackers will target local government network devices for unauthorized access to enable them to move laterally through your environment. Blumira’s honeypots give you an easy, one-click way to detect and respond to these attempts.
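
To make the first two items concrete, here is an added example (not Blumira's detection logic and not code from this page) that applies both checks to a handful of constructed events: Windows failed-logon records (Event ID 4625) and Sysmon network-connection records (Event ID 3). The simplified field names, the four-account threshold and the ten-minute window are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). 4625 = Windows failed logon;
# 3 = Sysmon NetworkConnect, where initiated=False means an inbound connection.
# Field names are simplified for this example.
EVENTS = [
    {"id": 4625, "time": "2024-01-08T09:00:05", "src": "203.0.113.7", "user": "asmith"},
    {"id": 4625, "time": "2024-01-08T09:00:41", "src": "203.0.113.7", "user": "bjones"},
    {"id": 4625, "time": "2024-01-08T09:01:17", "src": "203.0.113.7", "user": "clerk1"},
    {"id": 4625, "time": "2024-01-08T09:02:02", "src": "203.0.113.7", "user": "dpw-admin"},
    {"id": 4625, "time": "2024-01-08T09:03:30", "src": "10.0.4.22", "user": "asmith"},
    {"id": 4625, "time": "2024-01-08T09:03:55", "src": "10.0.4.22", "user": "asmith"},
    {"id": 3, "time": "2024-01-08T09:10:00", "src": "198.51.100.23", "dst_port": 3389, "initiated": False},
    {"id": 3, "time": "2024-01-08T09:12:00", "src": "10.0.4.30", "dst_port": 3389, "initiated": False},
]
# RFC 1918 ranges treated as "internal"; adjust to the agency's real address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_password_spraying(events, min_users=4, window=timedelta(minutes=10)):
    """Return {source IP: accounts} for sources that failed logons against
    at least min_users distinct accounts inside one time window."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_src[e["src"]].append((datetime.fromisoformat(e["time"]), e["user"]))
    flagged = {}
    for src, attempts in by_src.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[src] = sorted(users)
                break
    return flagged

def find_external_rdp(events):
    """Return (time, source IP) for inbound TCP 3389 connections from outside INTERNAL_NETS."""
    hits = []
    for e in events:
        if e["id"] == 3 and e["dst_port"] == 3389 and not e["initiated"]:
            src = ipaddress.ip_address(e["src"])
            if not any(src in net for net in INTERNAL_NETS):
                hits.append((e["time"], e["src"]))
    return hits
```

The repeated failures from 10.0.4.22 against a single account are not flagged as spraying; that pattern is a single-account guessing or lockout case and needs its own rule.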


Enable your team to quickly respond:

  • Respond automatically through Blumira’s platform by blocking known threats
  • Know what to respond to with Blumira’s prioritized alerts that tell you what’s critical and urgent
  • Know how to respond quickly with the step-by-step playbooks that populate with every alert


Gain access to security expertise:

  • Get responsive security advice from Blumira’s experienced security team
  • Dedicated assistance with onboarding, deployment, integrations and rule management
  • Advanced support for incident response to help with triage and provide logs for investigation and remediation

*Based on a comparison of 12 different SIEM providers on G2

How Blumira Makes Cybersecurity Easy for State & Local Government

Get more detail on the value we provide for state and local government cybersecurity:

  • Ease of Deployment & Use – Set up Blumira’s cloud-delivered detection and response platform in minutes or hours, using your existing smaller teams; no need for security expertise to manage or respond to alerts.
  • Lower TCO (Total Cost of Ownership) – On average, Blumira is 25-40% more affordable than other SIEM providers, making it easy to justify budget and ROI (return on investment) to your executive board
  • Automated Security Operations – Blumira’s platform automates the manual process of threat hunting and analysis. Using pre-built rules, Blumira sends high-value alerts on detected threats so small teams know what to prioritize and how to respond
  • Comprehensive Coverage – Out-of-the-box, vendor-agnostic integrations with third parties across on-premises and cloud applications provide advanced security visibility and wide coverage across complex, hybrid environments often seen in state and local government
  • Help Meet Compliance – Blumira’s platform automates daily log reviews to help state and local governments meet CJIS, IRS Pub 1075 and other compliance requirements for audit trails, log review, detection and response, log retention and more. It also provides scheduled, automated reports useful for auditors.
  • Trusted Security Advisors – At no added cost, you get access to responsive, helpful security advice from Blumira’s in-house security operations team to assist with onboarding, management, new integrations or incident response triage and investigation as needed – acting as an extension of your existing IT team.

Meeting CJIS & IRS Pub 1075 Compliance

CJIS For Local Government Compliance

Local governments need to comply with the CJIS (Criminal Justice Information Services) security policies, which are enforced by the FBI and protect the criminal justice data used by police and sheriff departments at local municipalities.

Blumira can help with CJIS compliance requirements (5.3-5.5) for incident handling, monitoring, auditing, events, response to audit processing failures, record retention and more.

IRS Pub 1075 For Local Government Compliance

State and local governments need to comply with IRS Publication 1075, a set of requirements enforced by the Internal Revenue Service (IRS) that outlines tax information security guidelines for federal, state and local agencies. It provides safeguards for protecting federal tax returns and tax information.

Blumira can help with IRS Pub 1075 requirements (3.2, 4.7, 9.3 and more) for audit trails, data storage, audit events/records, protection of audit information, continuous monitoring and more.

Other Compliance: HIPAA, NIST

Certain municipalities must meet other compliance requirements to safeguard healthcare patient data, such as that of incarcerated inmates held in county prisons. Blumira can help you meet security requirements such as HIPAA, NIST 800-53 and more.

Free SIEM For State and Local Governments

On average, it takes most organizations a matter of minutes and hours to start sending logs to Blumira’s platform for detection and response coverage.

While traditional SIEMs require months of setup, Blumira does all of the heavy lifting for you – we parse your data, write and roll out new rules automatically, and provide pre-written playbooks for response.

With Blumira Free SIEM edition, a free solution approved by CISA, you can detect and respond to threats from Microsoft 365, and other integrations, with unlimited users and data.

This makes it fast, easy, and free for city and county local governments to try Blumira’s platform before they decide to buy, using the team they have today.
