While the response from city authorities prevented the incident from being worse, the action had an impact on day-to-day city life. The stopping of services resulted in downtime for the city’s internal information technology network, public website, and more. While this had an impact on the public (with websites like knoxvilletn.gov, law and the mayor going offline), emergency services such as the police and fire department were unaffected. City officials are still investigating the incident.
City officials are speculating that the attack was launched through a phishing email mistakenly opened by a local government employee. The full impact of the attack is uncertain and it will require forensic investigation to assess. This is likely to take several weeks to complete.
Looking into the issue for Digital Journal, Chris Kennedy, CISO and VP of customer success, AttackIQ, finds that key security protocols were lacking.
In terms of why municipalities are often a target for hackers, Kennedy explains: “Cybercriminals tend to target organizations that require the least effort to hack for maximum profit, and state and local governments usually fit the bill.” This is especially so for local government areas due to the predominance of legacy infrastructure, which is far easier to exploit.
Kennedy also sees digital transformation projects as opening doors to cybercriminals: “Many government agencies are now providing their services online to maximize efficiency, so citizens can conveniently pay off their parking tickets and taxes or even manage their motorist licenses online.” While digitalization is very important, if the technology backing it is insecure, it provides many opportunities for hackers.
As well as legacy systems, weaknesses occur, Kennedy explains, since “most government entities are faced with limited IT resources, budget constraints, and internal personnel may not have the expertise to operate new technology efficiently.”
There is also an over-reliance upon contractors: “For a government agency, the strength of cybersecurity is only as good as the security of the contractors they select, and many do not leverage advanced tools available, thereby introducing additional risk.”
In terms of preventive actions, Kennedy recommends: “The best way to defend against ransomware is readiness and timely response. Organizations must have a comprehensive network segmentation strategy in place to quarantine an outbreak to a localized facility or business unit.”