Tulsa, Oklahoma, one of the 50 biggest cities in the U.S., was hit by a ransomware attack over the weekend. The scale of the attack was wide enough to affect all of the city government’s network. The cyber-assault brought down official websites.
A statement from the city indicates that no customer information has been compromised, but that the community can expect delays in network services. The city’s information technology and security teams are reportedly working with a security adviser and have shut down many internal systems out of an abundance of caution.
Digital Journal reached out to James Carder, Chief Security Officer at LogRhythm and Vice President of LogRhythm Labs, for a security insider’s take on the situation.
Carder begins by looking at the scale of ransomware attacks in the U.S., noting: “Ransomware continues to be a prolific threat to our local, state and federal governments, as well as essential critical infrastructure like we have seen with the recent Colonial Pipeline attack.”
This shows no signs of abating, says Carder: “Unfortunately, governments will continue to be sought-after targets for hackers because of the public nature and significant impact, the plethora of rich information that can be leveraged, and the often-inferior defenses that allow easy exploitation.”
As technology marches on, so does the opportunity for cybercrime: “There is a shortage of people, process, and technology in most city governments and their agencies, which is leading to more vulnerabilities and increased risk and susceptibility to cyberattacks like ransomware.”
There are measures that can be taken, according to Carder. For example: “Government entities need to recognize that the possibility of a ransomware attack is only increasing with time and take pivotal steps to successfully prepare for a ransomware attack and ensure continued, uninterrupted support to U.S. citizens.”
In terms of the immediate issue: “The attacks we have seen over the last 72 hours are a marked escalation to what was an already major threat. To prepare, organizations must patch aggressively, limit privileged access, create backups, prepare a response plan, prioritize educational training and consider cyber insurance.”
Carder looks at other remediation: “It is also worth noting that when states declare an emergency, which can be done in reaction to a large ransomware attack, they will have access to millions in emergency funding and the national guard. The emergency funding can greatly help defend and recover from damaging cyberattacks and is a lever that should be pulled if you have experienced one.”
Carder concludes by explaining: “Above all, cybersecurity needs to be properly funded to prevent these kinds of attacks on governments as they are a matter of when, not if. As with anything in life it’s about how you can respond to these attacks and that’s not something organizations want to do without practice and a plan.”