TOP 8 CYBER SECURITY THREATS GUNNING FOR LOCAL GOVERNMENTS
Preventing costly cyber attacks from bringing your government offices to a screeching halt is a two-sided coin. It requires both educating your users and protecting your system. Secure platforms are everyone’s responsibility. Summit Technologies LLC offers government accelerators for economic development, environmental health, licensing and permitting, and citizen request management. Our software solutions are FEDRAMP compliant and designed to keep your data and your systems secure.
Here’s a quick list of the top eight issues commonly experienced in small-to-medium local governments:
Ransomware – Cybersecurity company Emsisoft said 948 government agencies and healthcare providers were attacked with ransomware in 2019 alone with costs exceeding $7.5 billion. Ransomware is an attack where an infected host encrypts a victim’s data and holds it hostage until a fee is paid. Several years ago, multiple cities across the United States suffered ransomware attacks and ended up paying untold amounts of money to regain access to their own data. Ransomware-as-a-Service even exists allowing anyone to extort a victim to get their data back without any technical skills.
Phishing – Hackers obtain pilfered user credentials via phony emails creating another common issue for local governments. An email from a trusted vendor or other individual arrives inviting the recipient to click on a link to log into a specific account – at which time the cyber-criminal has obtained a set of user credentials. The easy availability of phishing toolkits allow even hackers possessing only minimal technical skills to launch dangerous phishing campaigns.
Trojans and Spyware – The Trojan in itself isn’t an issue. Much like Troy’s horse, it’s the actions that the Trojan enables that can cause problems. Trojans come by email or infected websites or advertisements your users access. Trojan viruses are a type of malware downloaded onto a computer disguised as a legitimate program. Spyware allows for data theft and user activity tracking after taking over a device. Spyware typically dupes a target user or exploits an existing vulnerability.
Broken User Access Control – This is simply a scenario where attackers can access, modify, delete or perform actions outside an application or systems’ intended permissions. As software and applications have moved to more complicated security, giving users access to only what they need has become more critical. Managing permissions for your organization is important to prevent a cloud-based breach. Incorrectly configured security controls can quickly lead to a breach of data or unauthorized access to your platform and applications.
Denial of Service Attacks – A DoS attack floods a network with traffic causing a system slowdown or complete crash. DoS attacks often focus on high-profile organizations with public-facing websites such as banking, media, or government institutions depriving legitimate users of access to the system. Flooding or crashing the system, cyber attackers bombard victim computers with more traffic than they can handle.
Account Takeover – Attackers pose as real customers, users, or employees and then gain entry to accounts and wreak havoc on your systems from the inside. Any web-based system that requires a login is susceptible.
Command and Control Attacks – A hacker gains access to a single computer and uses it to send commands or malware to other systems on the network, or to gather sensitive data. This form of attack has been used to shut down energy grids among other dangers and often is initiated through phishing schemes or other methods of stealing a user's login credentials. Leveraging a trusted account the hacker can operate undetected for a long period of time. Multi-factor authentication is one solid prevention tool for command and control attacks.
Data Theft from Information Repositories – Information repositories, think digital libraries and filing cabinets, are used by many organizations to store data meant to be shared internally. Microsoft SharePoint, Atlassian Confluence, and Integrate.io are common examples. Once a hacker accesses an organization’s information repository they access privileged data often targeting government agencies.
Summit Technologies LLC Zembretta software is cloud-based and fully compatible with web-enabled mobile devices. Our solutions are developed using the latest technologies on the world’s top rated CRM. From application integration to dashboards to document and image attachment, our civic solutions help you streamline processes and better serve your citizens.