Warning: You’ve Been Infected!
Have you ever received an email from a random person claiming to owe you a large sum? Or a call from a CRA agent informing you of your imminent arrest if you fail to pay the penalty on unpaid taxes? Behind the screen and the phone lurk professional scammers attempting to steal sensitive information and extort money from innocent victims through phishing or hacking. The damage can be catastrophic when an entire organization falls victim to a similar cyberattack.
An organization’s network system is the nucleus of the entire organizational structure. Consider it an all-encompassing core that houses archives, data, policies, contacts, and other confidential information. An attack on the network jeopardizes not only the company’s privacy and security but also damages the integrity and reputation of the organization. Government institutions are at an increased risk due to their possession of sensitive data, political materials, citizen information, and other pieces of intelligence.
According to IBM Security’s X-Force Threat Intelligence Index 2022 report, server access attacks, data theft, and fraud were the most common forms of cyberattack against the public sector in 2021. The report noted that phishing attacks and vulnerability exploitation (a term used to describe cyberattacks against a network’s defenses targeting municipalities) were the two most common methods of breaching government bodies. Municipalities across Ontario are prioritizing cybersecurity and taking proactive measures to avoid becoming a casualty in the war against spyware.
Caution: Understanding cyberattacks in the public sector
OECM reached out to five of our Information Technology (IT) supplier partners for their expert input on the dangers of cyberattacks and what municipalities can do to prevent them.
CDW Canada: “Municipal governments across Canada perform the role of data custodians for their citizens, which makes them targets”
According to CDW’s 2021 Cybersecurity Study performed independently by IDC Canada, the most common security breaches that Canadian organizations have experienced in the past two years include phishing email or business email compromises and ransomware/malware cyberattacks. Municipal governments across Canada perform the role of data custodians for their citizens, which makes them targets for data breaches. The data includes a lot of Personally Identifiable Information (PII), such as names, addresses, phone numbers, Social Insurance Numbers, property tax records, and more.
Compugen Inc.: “One of the primary threats that municipalities face is social engineering.”
Social engineering attacks include phishing, email penetration, testing users to release their login/passwords, clicking on unsolicited websites, etc.
Dell Technologies: “…it’s not a matter of “if” but “when” you will be faced with such an attack.”
Cyberattacks are on the rise, growing more sophisticated every day. With cybersecurity, it’s not a matter of “if” but “when” you will be faced with such an attack.
ISA Cybersecurity Inc.: “If that information falls into the wrong hands, it can be exploited or monetized…”
The two main categories of external attackers are financially-motivated cyber criminals and politically-motivated state-sponsored threat actors. Local governments can store a wealth of data, and if that information falls into the wrong hands, it can be exploited or monetized in several ways:
- held for ransom and extortion
- used for identity theft and fraud
- pivoted to use the data to launch spear phishing (targeted phishing) attacks on others
- sold to other criminals on the dark web
Softchoice Canada Inc.: “Email is often the main vector of cyberattack”
Email is often the primary vector of cyberattacks and is delivered through phishing, spear phishing, or business emails.
Danger: What a cyberattack could mean for a municipality
CDW Canada: “Integration with other entities creates the potential for supply chain attacks.”
Following a cyberattack, organizations can be down for extensive periods, leading to a loss of services for residents. This loss of service may include emergency services and almost every area of government operations. Integration with other entities creates the potential for supply chain attacks.
Based on the 2021 findings of CDW’s annual, Canadian-focused Cybersecurity Study conducted independently by IDC Canada, Ontario municipalities are experiencing major cyber threats regularly. Of those that responded to the survey, government organizations reported an average of 460 cyberattacks per year (1.26 per day). A vast majority (76%) of Canadian organizations were subjected to subsequent ransomware attacks after recovering. Only 36% of organizations could fully restore their data and systems from backups after an attack.
Dell Technologies: “[Cyberattacks] have the potential for significant legal challenges.”
Cyberattacks not only cost organizations hundreds of thousands to millions of dollars to remediate, but they also cause significant operational disruption and data loss and have the potential for significant legal challenges.
ISA Cybersecurity Inc.: “A significant cyber threat to municipalities is also from within the organization.”
State-sponsored threat actors can target local governments to disrupt and destabilize infrastructure; however, a significant cyber threat to municipalities can also be from within the organization. While cases of malicious intent by municipal staff or third parties are comparatively rare, compromise due to user error or inadvertent action (like falling for a phishing attack) is more common.
Prevention: Effective cyber defences to prevent an attack
CDW Canada: “More than half (54%) of government entities have reported that they do not perform regular scanning to identify vulnerabilities.”
In CDW’s 2021 study, more than half (54%) of government entities reported not performing regular scanning to identify vulnerabilities. Here are key pointers that organizations should implement in their cybersecurity processes:
- Annual penetration testing enables the identification of vulnerabilities and risks before cybercriminals exploit them
- Penetration testing minimizes risk and prevents/limits the negative impact of cyberattacks and provides a ‘first line of defence’ against cyberattacks
- Third-party partners are vital due to the lack of internal expertise and available resources
Compugen Inc.: “Simulating a cybersecurity incident to test how the organization reacts is an effective method to prepare…”
Compugen has been working with a municipal organization on projects related to cybersecurity. An essential component of the project includes a penetration test on their new website and a tabletop exercise to review the organization’s Incident Response Plan. Simulating a cybersecurity incident to test how the organization reacts is an effective method to prepare for possible attacks in the future.
Dell Technologies: “Simply hoping that prevention will be 100% effective is no longer realistic….”
A focus on recovery needs to be paramount – simply hoping that prevention will be 100% effective is no longer realistic in today’s threat landscape. Dell’s Cyber Recovery Vault solution is an example of a solution that meets the following criteria:
- Isolation: The components of the data vault must be physically and logically isolated. “Logical” isolation has similarities to an air-gapped network, except that limited connectivity for data updates is permitted regularly, typically daily.
- Immutability: All data written to the data vault must be “locked” in a manner that electronically prohibits deletion or changes until the expiration of the locking period, which is typically a few weeks to a month.
- Intelligence: Data in the vault should be analyzed or interrogated to ensure it has not been manipulated or corrupted. We can also take this a step further to provide forensics around an attack to determine what data has been infected and what data has not – to enable an organization to quickly identify clean copies to perform quick, effective, and clean recovery to resume normal business operations with confidence.
ISA Cybersecurity Inc.: “There are eight basic defences that any organization, especially municipal governments, should have in place.”
There are eight basic defences that any organization, especially municipal governments, should have in place.
- Establish robust IT policies and procedures featuring a well-tested incident response plan
- Provide frequent security awareness training and testing to make sure that your staff are constantly vigilant and prepared to act as your first line of defence
- Implement multi-factor authentication, which is one of the single most effective ways of reducing cyber risk
- Develop comprehensive asset and patch management programs to ensure you know what’s on your network and that it is up to date
- Conduct frequent well-tested backups and archives and ensure that they are tested regularly
- Deploy endpoint security software that detects and prevents cyber threats from both known and unknown threats
- Introduce a security information and event management (SIEM) service to help you recognize potential security threats and vulnerabilities and support incident management
- Maintain a posture of “least privilege” access to ensure that staff only have access to what they need when they need it – nothing more
Softchoice Canada Inc.: “Detection and Response are two areas that organizations lack.”
Municipalities may encounter several types of cyberattacks, including ransomware, credential theft, password theft, Identity Access Management gaps, and other privacy breaches. Detection and Response are two of the areas that organizations lack support for to prevent and recover from a potential cyberattack.
Cure: Building a post-attack action plan
CDW Canada: “Endpoint Detection and Response (EDR) tools are one solution within an incident responder’s kit.”
Tools like vulnerability management solutions, asset management solutions, network packet analysis, and Endpoint Detection and Response (EDR) help public sector entities identify assets within the organization. Additionally, digital forensic hardware and software, malware reverse engineering software, and other tools can also assist in minimizing damage. CDW Canada is currently awarded four OECM agreements, three of which can be leveraged to prevent and treat cybersecurity breaches on municipal entities: Networking Products and Related Services, Software License Products and Related Services, and Vulnerability Assessment and Penetration Testing Services.
Compugen Inc.: “A full security consulting practice to help organizations protect their network…”
Compugen offers a complete security consulting practice to help organizations protect their network, infrastructure, and end-user devices. Their professional service and product offerings are available through these OECM agreements: Cloud Technology and Related Professional Services, End-User Computing Devices and Services, and Networking Products and Related Services.
Dell Technologies: “A modern and powerful cyber resilience strategy and Dell Data Protection are key….”
Dell PowerProtect Cyber Recovery provides the highest protection, integrity, and confidentiality levels for valuable data and critical business systems. It is a critical component of a comprehensive Cyber Resiliency strategy. A modern and powerful cyber resilience strategy and Dell Data Protection are vital in enabling customers to increase business agility, accelerate time to market, improve their cloud economics, and reduce business risk. Dell is an awarded supplier partner on OECM’s End-User Computing Devices and Services and Networking Products and Related Services agreements.
ISA Cybersecurity Inc.: “Developing and implementing an overarching cyber program….”
Strategically, ISA Cybersecurity can also provide resources and guidance to assist municipalities in developing and implementing an overarching cyber program; one that considers security, privacy, and data management holistically. ISA Cybersecurity is awarded on OECM’s Networking Products and Related Services agreement.
Softchoice Canada Inc.: “Several product offerings and services to prevent and treat….”
Softchoice has several product offerings and services to prevent and treat cybersecurity breaches for municipalities, available through the following OECM agreements: Networking Products and Related Services and Software License Products and Related Services.
Forecast: Where is cybersecurity headed?
CDW Canada: “Regular penetration testing can help organizations minimize the risks posed by cyber threat actors.”
The results consistently show that cyberattacks are increasing in both sophistication and frequency. Yet, while many organizations understand the importance of conducting regular security assessments, nearly three-quarters (72%) reported concerns over their lack of time, resources, and expertise to perform vulnerability scanning and penetration testing. As the threat landscape and “attack surface” continue to grow exponentially due to increased hybrid cloud adoption and remote/work-from-home models, regular penetration testing can help organizations minimize the risks posed by cyber threat actors.
Dell Technologies: “Organizations need to consider recovery as part of their cyber resiliency and risk management strategies.”
Cyber threats are expected to continue to increase, mainly due to working from home and distributed work environments. Most organizations have strong data protection and detection capabilities in place already. However, organizations need to consider recovery as part of their cyber resiliency and risk management strategies.
ISA Cybersecurity Inc.: “Developing a risk-based cyber approach….”
Developing a risk-based cyber approach ensures that the municipality supports compliance and sound governance, addresses real-world risks cost-effectively, and balances those risks against other critical imperatives, such as providing timely, effective, and efficient services.