Can Your Municipality Protect Itself from a Ransomware Attack?

June 10, 2022

The news headlines are everywhere – especially since the war in Ukraine began – when numerous cyberattacks were reported against that country. Cybercriminals have not only launched attacks on all types of industries, but also on government organizations, both in the U.S.  and abroad. These bad actors want to steal sensitive information, compromise operations or hold data ransom for large amounts of money.

Ransomware attacks are growing in prevalence and affecting local government organizations. As just one example of the threats experienced by state and local agencies in 2021, cybercriminals launched a ransomware attack on the police department in Bristol, Virginia, gaining control of the department’s computers and accessing classified data, which was later sold on the dark web. According to the Bristol Herald Courier article that reported the attack, ransomware crimes have been on the rise for the last few years. It states that Emisisoft, a New Zealand-based cybersecurity software firm, reported at least 2,354 local governments, healthcare facilities and schools in the U.S. were impacted in 2020 – and the victims included 113 federal, state and municipal governments and agencies.

Local government organizations are especially unprepared for ransomware attacks

A newer report underwritten by cybersecurity firm Sophos, “The State of Ransomware in Government in 2021,” is based on an independent survey of 5,400 IT professionals across 30 countries. It declares that the state of ransomware in both governmental and non-departmental public bodies (NDPBs) is a national emergency.

While 40 percent of central government and NDPB organizations experienced ransomware attacks last year, 34 percent of local government organizations were also hit, according to the study’s findings. Moreover, 64 percent of the local governments said that the cybercriminals succeeded in encrypting their data in the most significant attack – fully 20 percent higher than the central government attacks.

The risk is potentially millions of dollars in damages, downtime and more

Worse yet, only 42 percent of those whose data was encrypted used backups to restore data, and just 73 percent of local government organizations have a malware incident recovery plan, which is the lowest of all the sectors surveyed. The average bill for rectifying a ransomware attack – considering downtime, people time, device cost, network cost, lost opportunity, ransom paid and more – was US$1.64 million, an expensive and unfortunate experience for local government organizations whose budgets are already stretched thin.

Richard Forno and other researchers at the University of Maryland recently studied the cybersecurity (un)preparedness of more than 90,000 local government entities. One (among other) startling findings from their research: nearly one-third of U.S. local governments would be unable to tell if they were under attack in cyberspace. Forno also points out that nearly half of these governments reported that their IT policies and procedures didn’t meet with industry best practices.

Forno notes that, like private companies, local governments face the same types of cybersecurity threats, weaknesses and management issues. They also struggle to hire and retain qualified IT and cybersecurity staff because they can’t compete with wages and workplace cultures that compare with those of the private sector or federal government. With their financial and other constraints, local government entities are at particular risk for attacks  – especially with the increased use of smart devices and interest in creating “smart cities,” where the IoT presents hackers with multiple and potentially devastating opportunities.

To start, establish basic security measures throughout the organization

There’s no single way to eliminate all cybersecurity problems, but the solutions start with good, basic cybersecurity measures, such as those recommended by the National Institute of Standards and Technology’s Cybersecurity Framework to help organizations manage and reduce risk.  It’s important to note that every government worker is responsible for the security of the electronic information in their control.

In this evolving global climate, government organizations in the U.S. and abroad are faced with a wide range of significant challenges beyond security – key among them are the ability to streamline business processes while doing more with constrained budgets. They are constantly expected to provide exceptional public services while reducing costs. With the move to digital systems, devices and data storage continue to provide public sector users with new ways to manage information, how do they protect that data from being ransomed?

An experienced third-party solutions provider with a successful track record can help. As a market leader in managed IT services, technology, information management and security, Konica Minolta provides federal, state and local government agencies with solutions to expedite and make processes more efficient, optimize infrastructure and provide additional security. Konica Minolta offers everything from built-in protection for documents and devices to enhanced capabilities and options that meet or exceed the highest security needs of government organizations.

Security also begins with product design

Konica Minolta’s bizhub® i-Series multifunction printers (MFPs) are designed to meet ISO 15408 certification at hard copy device protection profile (HCD-PPV1.0) – the highest security level given to commercial-off-the-shelf (COTS) document imaging products. Every bizhub device is evaluated and certified as a total system, tested for standalone performance and against possible threats from outside network connections, even the possibility of a hard disk drive being removed from the device. Evaluation profiles for these MFPs include more than 300 security-based items.

In addition, Federal initiatives mandate that MFPs sold to government entities be capable of reading the CAD and PIC cards issued to government employees and capable of public key infrastructure (PKI) encryption. The embedded PKI technology is the basis for Konica Minolta’s industry-leading authentication platform for authentication platform for Personal Identification Verification (PIV) and Department of Defense (DoD) issued Common Access Cards (CACs). These are used for general identification purposes and can be used to control access to computers, networks and facilities. These cards, in combination with a personal identification numbers, satisfy the two-factor authentication requirement.

The company’s solutions have repeatedly been recognized in American Security Today’s “ASTORS” Homeland Security Awards Program. Since 2017, Konica Minolta has earned five Gold Awards, two Silver Awards and five Platinum Awards.

Visit Konica Minolta online to learn more about its federal, state and local solutions.

Konica Minolta

Konica Minolta aims to partner with clients to Give Shape to Ideas by supporting their digital transformation through its expansive Intelligent Connected Workplace portfolio. Its business technology offerings include IT Services, intelligent information management, video security solutions and managed print services, as well as office technology and industrial and commercial print solutions.