According to CDW’s 2021 Cybersecurity Study performed independently by IDC Canada, the most common security breaches that Canadian organizations have experienced in the past two years include phishing email or business email compromises and ransomware/malware cyberattacks. Municipal governments across Canada perform the role of data custodians for their citizens, which makes them targets for data breaches. The data includes a lot of Personally Identifiable Information (PII), such as names, addresses, phone numbers, Social Insurance Numbers, property tax records, and more.

Social engineering attacks include phishing, email penetration, testing users to release their login/passwords, clicking on unsolicited websites, etc.

Cyberattacks are on the rise, growing more sophisticated every day. With cybersecurity, it’s not a matter of “if” but “when” you will be faced with such an attack.

The two main categories of external attackers are financially-motivated cyber criminals and politically-motivated state-sponsored threat actors. Local governments can store a wealth of data, and if that information falls into the wrong hands, it can be exploited or monetized in several ways:

• held for ransom and extortion
• used for identity theft and fraud
• pivoted to use the data to launch spear phishing (targeted phishing) attacks on others
• sold to other criminals on the dark web

Email is often the primary vector of cyberattacks and is delivered through phishing, spear phishing, or business emails.

Following a cyberattack, organizations can be down for extensive periods, leading to a loss of services for residents. This loss of service may include emergency services and almost every area of government operations. Integration with other entities creates the potential for supply chain attacks.

Based on the 2021 findings of CDW’s annual, Canadian-focused Cybersecurity Study conducted independently by IDC Canada, Ontario municipalities are experiencing major cyber threats regularly. Of those that responded to the survey, government organizations reported an average of 460 cyberattacks per year (1.26 per day). A vast majority (76%) of Canadian organizations were subjected to subsequent ransomware attacks after recovering. Only 36% of organizations could fully restore their data and systems from backups after an attack.

Cyberattacks not only cost organizations hundreds of thousands to millions of dollars to remediate, but they also cause significant operational disruption and data loss and have the potential for significant legal challenges.

State-sponsored threat actors can target local governments to disrupt and destabilize infrastructure, however, a significant cyber threat to municipalities can also be from within the organization. While cases of malicious intent by municipal staff or third parties are comparatively rare, compromise due to user error or inadvertent action (like falling for a phishing attack) is more common.

In CDW’s 2021 study, more than half (54%) of government entities reported not performing regular scanning to identify vulnerabilities. Here are key pointers that organizations should implement in their cybersecurity processes:

• Annual penetration testing enables the identification of vulnerabilities and risks before cybercriminals exploit them
• Penetration testing minimizes risk and prevents/limits the negative impact of cyberattacks and provides a ‘first line of defence against cyberattacks
• Third-party partners are vital due to the lack of internal expertise and available resources

Compugen has been working with a municipal organization on projects related to cybersecurity. An essential component of the project includes a penetration test on their new website and a tabletop exercise to review the organization’s Incident Response Plan. Simulating a cybersecurity incident to test how the organization reacts is an effective method to prepare for possible attacks in the future.

A focus on recovery needs to be paramount – simply hoping that prevention will be 100% effective is no longer realistic in today’s threat landscape. Dell’s Cyber Recovery Vault solution is an example of a solution that meets the following criteria:

1. Isolation: The components of the data vault must be physically and logically isolated. “Logical” isolation has similarities to an air-gapped network, except that limited connectivity for data updates is permitted regularly, typically daily.
2. Immutability: All data written to the data vault must be “locked” in a manner that electronically prohibits deletion or changes until the expiration of the locking period, which is typically a few weeks to a month.
3. Intelligence: Data in the vault should be analyzed or interrogated to ensure it has not been manipulated or corrupted. We can also take this a step further to provide forensics around an attack to determine what data has been infected and what data has not – to enable an organization to quickly identify clean copies to perform quick, effective, and ­clean recovery to resume normal business operations with confidence.

There are eight basic defences that any organization, especially municipal governments, should have in place.

1. Establish robust IT policies and procedures featuring a well-tested incident response plan
2. Provide frequent security awareness training and testing to make sure that your staff are constantly vigilant and prepared to act as your first line of defence
3. Implement multi-factor authentication, which is one of the single most effective ways of reducing cyber risk
4. Develop comprehensive asset and patch management programs to ensure you know what’s on your network and that it is up to date.
5. Conduct frequent well-tested backups and archives and ensure that they are tested regularly
6. Deploy endpoint security software that detects and prevents cyber threats from both known and unknown threats
7. Introduce a security information and event management (SIEM) service to help you recognize potential security threats and vulnerabilities and supports incident management
8. Maintain a posture of “least privilege” access to ensure that staff only have access to what they need when they need it – nothing more

Municipalities may encounter several types of cyberattacks, including ransomware, credential theft, password theft, Identity Access Management gaps, and other privacy breaches. Detection and Response are two of the areas that organizations lack support for to prevent and recover from a potential cyberattack.

Tools like vulnerability management solutions, asset management solutions, network packet analysis, and Endpoint Detection and Response (EDR) help public sector entities identify assets within the organization. Additionally, digital forensic hardware and software, malware reverse engineering software, and other tools can also assist in minimizing damage. CDW Canada is currently awarded four OECM agreements, three of which can be leveraged to prevent and treat cybersecurity breaches on municipal entities: Networking Products and Related Services, Software License Products and Related Services, and Vulnerability Assessment and Penetration Testing Services.

Compugen offers a complete security consulting practice to help organizations protect their network, infrastructure, and end-user devices. Their professional service and product offerings are available through these OECM agreements: Cloud Technology and Related Professional Services, End-User Computing Devices and Services, and Networking Products and Related Services.

Dell PowerProtect Cyber Recovery provides the highest protection, integrity, and confidentiality levels for valuable data and critical business systems. It is a critical component of a comprehensive Cyber Resiliency strategy. A modern and powerful cyber resilience strategy and Dell Data Protection are vital in enabling customers to increase business agility, accelerate time to market, improve their cloud economics, and reduce business risk. Dell is an awarded supplier partner on OECM’s End-User Computing Devices and Services and Networking Products and Related Services agreements.

Strategically, ISA Cybersecurity can also provide resources and guidance to assist municipalities in developing and implementing an overarching cyber program; one that considers security, privacy, and data management holistically. ISA Cybersecurity is awarded on OECM’s Networking Products and Related Services agreement.

Softchoice has several product offerings and services to prevent and treat cybersecurity breaches for municipalities, available through the following OECM agreements: Networking Products and Related Services and Software License Products and Related Services.

The results consistently show that cyberattacks are increasing in both sophistication and frequency. Yet, while many organizations understand the importance of conducting regular security assessments, nearly three-quarters (72%) reported concerns over their lack of time, resources, and expertise to perform vulnerability scanning and penetration testing. As the threat landscape and “attack surface” continues to grow exponentially due to increased hybrid cloud adoption and remote/work-from-home models, regular penetration testing can help organizations minimize the risks posed by cyber threat actors.

Cyber threats are expected to continue to increase, mainly due to working from home and distributed work environments. Most organizations have strong data protection and detection capabilities in place already. However, organizations need to consider recovery as part of their cyber resiliency and risk management strategies.

Developing a risk-based cyber approach ensures that the municipality supports compliance and sound governance, addresses real-world risks cost-effectively, and balances those risks against other critical imperatives, such as providing timely, effective, and efficient services.