By Mike Miracle, senior vice president marketing and strategy
The scourge of ransomware is not new, but recent months have seen a spate of fresh attacks on city governments. One high-profile example is Baltimore, which faced a lengthy system outage in May and June after refusing to pay the ransom demanded. The attack did come with a hefty price tag of an estimated $18 million for recovery and improved defenses. Later in June, two small municipalities in Florida paid ransoms of $600,000 and $500,000, respectively, and July saw successful attacks against LaPorte County, Indiana, and three public school districts in Louisiana, whose governor responded by issuing a state of emergency .
While the FBI recently said it doesn’t have enough data to suggest any one sector is being targeted more than others, attacks on municipalities are often more visible because they cannot be resolved quietly in private — they create chaos for citizens by disrupting payment, communication and permit systems, and they require taxpayer funding for repair and recovery and/or ransom payment.
Municipalities also tend to be more susceptible than large enterprises because they often have limited technology budgets, poor cyber hygiene frequently marked by outdated and unpatched systems, and a shortage of cybersecurity expertise tasked with managing challenges or solving for issues. With sprawling, outdated and slow-to-upgrade IT footprints, if even one machine hasn’t been updated the infection can take hold and spread. Together, these factors create challenges that leave small and mid-sized cities ripe for exploitation by cybercriminals, adversarial nation states and other bad actors.
Baltimore, for example, was likely targeted because it is a small enough municipality that it lacked the resources to update its networks and systems, despite having been warned about their vulnerability to potential attacks. Some prominent security researchers have alleged that EternalBlue, an exploit developed by the NSA before being stolen and published on the Dark Web by hacker collective Shadow Brokers, was used to stage the attack.
What’s New with IoT is Still Old
In a 2018 blog post on defeating ransomware, we outlined some practical steps — still necessary and effective — that organizations can take to defeat these attacks. We also highlighted the importance of network segmentation, which is still one of the best ways to prevent malware from infecting your critical systems and bringing an organization to its knees.
In fact, microsegmentation is even more critical now, as increasing numbers of IoT devices connect to networks, creating more new potential vulnerabilities as the attack surface becomes increasingly varied and expansive.
Nowhere is the IoT challenge more evident than in the healthcare industry. Like municipalities, healthcare organizations have become major targets of ransomware attacks in the past few years. Many hospitals use a wide range of new and old technologies, and employees often do not know what systems are running on the medical devices they use, have no information on security protocols or recommended security upgrades, and would not necessarily recognize if a device in use had been hacked.
Smaller hospitals, particularly those in rural and underserved areas, may have neither the awareness nor the resources to hire cybersecurity staff or keep their systems updated. Though hospitals are extremely focused on protecting the confidentiality of patient health data, they often pay comparatively less attention to the security of medical devices that do not contain patient information.
Staying ahead of the rapidly evolving threatscape will become an exponentially more difficult task given explosive IoT growth and the impending 5G-enabled future. Both municipalities and hospitals need to fundamentally rethink the way they approach security.
Be Proactive - Change from Implicit to Zero Trust
For decades, the internet has operated under an implicit trust model, where it is assumed that you are who you say you are until proven otherwise. Given our current reality and the expectation that cyber threats will continue to outpace defenses, any organization that continues to operate under this model is effectively gambling with the security of its data and networks.
By moving toward a zero trust model that incorporates microsegmentation, municipalities and hospitals can create a much more challenging environment for cyberattackers to find success. A zero trust architecture requires authorization for any person or device attempting to connect to a network or access network resources, even for users already within the network perimeter (realistically, with the cloud and mobile platforms blurring the network edge, there is no longer a static perimeter to guard). Any entity that attempts a network connection must have its identity authenticated before the connection is completed — and, once access is authorized, this identity must be used to further control access to critical servers and data.
As IoT and mobile devices expand the attack surface, driving increased proliferation of ransomware attacks and other cybersecurity threats, organizations must ensure that a single infected system cannot compromise all their systems. Implementing microsegmentation with assured identity to achieve a zero trust network environment will help cities and hospitals defeat these attacks — and significantly reduce the risk of having to make a costly ransom payment or embark on a massive data restoration and system rebuild. Contact us now to be proactive and learn how you can take the proactive and necessary steps now to defeat these inevitable ransomware attacks.