The Ransomware Threat to Local Infrastructure
Over the Fourth of July weekend, while most people enjoyed Independence Day celebrations and extended time off, sinister operators engineered a cyber attack of widespread impact. The sophisticated criminals targeted the IT services firm Kaseya to infiltrate as many as 1500 public agencies and small businesses to extort millions of dollars from victims to retrieve their vital data. The attack was executed by the same actors who shut down a meat distributor earlier this year, extracting an $11 million ransom from the company.
Ransomware received increased public notoriety in recent weeks when an attack on the major pipeline supplying fuel to the northeastern US led to gasoline shortages and long lines at the pumps. The company shut down the pipeline, although the attack did not directly affect systems controlling the pipeline. The company paid the criminals more than $4 million in Bitcoin (but the FBI since recovered more than $2 million of those funds). The disruptive attack demonstrated the tremendous leverage cyber criminals can wield. Even after the pipeline was restored, it took weeks before fuel supplies to the heavily populated region returned to normal.
This most recent ransomware attack proves how vulnerable local agencies can be. Depending on what type of public services you manage – public utilities, transit and traffic operations, health care facilities, IT systems for taxation and revenue, and public safety communications – interruption or takeover of your systems can have serious consequences.
If your critical infrastructure or data fall victim to a ransomware attack, systems recovery and restoral of operation is only half the problem. You also need to assess possible consequences from their disruption or misuse. The failure could expose you to liability from injury or economic loss to those who depend on the infrastructure.
Prevention is the most effective way to protect your systems from these attacks. Update and patch regularly to keep antivirus protection current and reduce vulnerabilities. The most likely way a cyber criminal can gain access to your systems is through one of your employees inadvertently providing passwords through an email that looks legitimate. You must train your staff to recognize phishing and spearfishing tactics. If a breach originating from one of your employees falling victim to a phishing scam leads to other organizations being exposed to ransomware attacks, you could face a monumental liability risk.
Backing up your system routinely and maintaining backups securely is good insurance against ransomware attacks. Restoring a backup after resecuring the system may be all that’s required to get up and running again, without paying a dime in ransom. However, the criminals could still use any stolen information to victimize you and others.
Strong cybersecurity implementation is not an insignificant expense. But the costs of being an easy target have increased exponentially. Staying well ahead of cyber criminals is a worthwhile investment opposed to prolonged business interruption, operational losses and expensive liabilities. Your insurer or risk management consultant may be able to help assess your systems for weaknesses, identify specific vulnerabilities and suggest how to mitigate potential issues. It’s also a good idea to proactively establish a relationship with a cybersecurity firm that can promptly respond to a breach as well as assist with preventive measures.
About Brad Keenan
Brad Keenan is an Assistant Vice President for Public Agencies at Keenan & Associates and focuses his attention on customer success, business development, and emerging risks. Brad worked on Keenan’s internal task force to develop the cyber liability program that would eventually be implemented at more than 400 school districts and community colleges across California. He enjoys speaking at local and statewide association events on a variety of issues, including cyber risks.
Subscribe
Subscribe to the Keenan Blog