“We are dealing with a hostage situation” - Could your city be held hostage by hackers?
“We are dealing with a hostage situation” were the words used by Mayor Keisha Lance Bottoms in a statement in March of this year. The city of Atlanta had suffered a major ransomware attack which crippled computers and wireless networks and blocked access to important data. It took more than a week to restore services.
There is no doubt that cyberattacks targeting the public sector and national infrastructure are on the rise. Last year the UK Parliament suffered an attack, and the year before Ukraine’s power grid saw critical energy systems supplying heat and light to millions of homes cut off. These weren’t isolated incidents.
It’s now public knowledge that our elections are being rigged and tampered with. Our personal data is being used to influence our views and decisions, threatening our very democracies. Cyberthreats are impacting citizens and Governments on a large scale. They are akin to warfare and are being treated as such.
Nations are now involved in cyberwarfare to a greater or lesser extent, some even stockpiling vulnerabilities to leverage when necessary. Microsoft firmly pointed the finger at the US National Security Agency for enabling the WannaCry attack by not informing the company of the vulnerability that was later exploited.
As Governments build their arsenal against cyber threats, here are four vital steps that should be taken:
- Define the risks and governance – build a tailored cybersecurity and resilience strategy. Understand the landscape you’re working in: who the actors are, what motivates them, and which environments are involved. What would happen if you came under attack, and how would you minimize the disruption to critical services? Ensure your governance is strong and that you have plans in place to protect and prevent, as well as contingency protocols.
- Threat intelligence – build a threat hunting program. Threat hunting is fundamental to identifying, as soon as possible, potential vulnerabilities that threat actors could use to target your environment. To build such a program, organizations will need a cyber threat intelligence service that can aggregate intelligence gathered from security testing, from manufacturers and from service providers. Aggregating this intelligence and transforming it into actionable intelligence is essential as the threat landscape continues to change at a fast pace. You can find more information on threat hunting here.
- Cyber deception – take a pre-emptive approach and understand potential attackers. This requires creating virtual twin environments to lure attackers into and study what they’re doing. This way you can keep them contained, away from critical environments, and take immediate action to neutralize the cyberattackers.
- Adaptive security – this is where we’re making serious leaps in security response through analytics and automation. AI will be the biggest tool in the cybersecurity arsenal in the years to come. It will be able to detect and respond in real time, self-learn proactively from the internal and external environment and automatically make alterations to block attacks.
There can be no doubt that threats are increasing, and the likelihood is that some of these attacks will get through even the best defenses. The ones we hear about, which get through defenses, are just the tip of the iceberg in terms of the number of attacks made. But our imperative is to be ahead of the attacks and be smarter than the cybercriminals. We need to move from descriptive security (learning from past lessons) to prescriptive security (learning patterns from previous attacks to anticipate cyber-risks).