Is it true that the only thing left to do is invest in technologies that detect the attack as soon as possible to mitigate the damage after your network has been breached?
In recent months, Southeast Asia has been continuously hit with cyberattacks and espionage campaigns that have caused widespread discussion. Some noteworthy ones include the Philippines’ government employee data breach of 1.2 million records, the hacking of all Thailand’s ministries’ websites, and the infamous Bjorka hacker’s series of high-profile hacks against the Indonesian government.
These types of attacks serve as a wake-up call for us to take greater steps toward cyber resilience in order to protect our cities from similar incidents in the future.
Across the globe, cyber-attacks increased 38% in 2022 and they show no signs of slowing. Unplanned-for costs associated with the outages, incident response, fines and ransomware payments are averaging over US$1 million per incident.
We are also seeing cybercriminals upping their game and leveraging more sophisticated attacks against cities and organizations. Now, with the advent of generative AI tools like ChatGPT, it is possible for criminals without any coding knowledge or advanced English writing skills to quickly create realistic phishing emails and malware.
So what can be done? It may seem surprising, but cybersecurity is really about people, process and technology – in that order.
Steps to take
First, start with cyber safety tips and training for employees that make sense: Frequent cybersecurity awareness training is crucial to partially protect cities against ransomware. This training should instruct employees to do the following:
- Not click on malicious links
- Never open unexpected or untrusted attachments
- Avoid revealing personal or sensitive data to phishers
- Get approval/verify software legitimacy before downloading it
- Never plug an unknown USB into their computer
- Use a VPN when connecting via untrusted or public Wi-Fi
- Not open personal emails that have not been checked by corporate protections
- Use unique passwords for every application and multi-factor authentication for access to confidential applications and data
NEVER count solely on employees to make the right decision when targeted with a good phishing email. IT must have multiple layers of defence, since employees will click on anything!
Second, keep software updated and patched: Ransomware attackers sometimes find an entry point within your apps and software, noting vulnerabilities and capitalising on them. Some lower-cost security vendors have also been the compromised vector. Fortunately, most OS and app developers actively search for new vulnerabilities, patch them, and respond quickly when new ones emerge.
If you want to make use of these patches, you need to have a patch management strategy and tools in place, and you need to make sure all your team members are constantly up to date with the latest versions. Weekly “credentialed” vulnerability scanning validates that all systems are up to date and flags those that need attention. Keeping computers and servers up to date and applying security patches, especially those labeled as critical and high risk, can help to limit a city’s vulnerability to ransomware attacks.
Third, choose prevention over detection: Many technology vendors claim that attacks will happen, and there is no way to avoid them. Therefore the only thing left to do is to invest in technologies that detect the attack after it has already breached the network and mitigate the damage as soon as possible…
This is not true.
Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place in your cloud assets, your laptops and computers, your email protection and your firewalls, most attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.
Finally, work with city leaders to ensure the program is fully funded, matures over time, and continues to build cyber resilience by continuously assessing your vulnerabilities, establishing and practicing an incident response process for when attacks happen, and keeping up to date on the latest cyber threats and trends.
Remember that cybercriminals are always trying new ways to break into your systems, and you and your team must continue to be vigilant and stay a step ahead of them.