Last year was rough, marked by countless data breaches, digital incidents, and cyberattacks. Some of the most egregious of these were ransomware attacks targeted at local governments. More than 70 cities fell prey to a wide range of attacks, among them Baltimore, Pensacola, New Orleans, Galt, and St. Lucie, along with 23 other municipalities.
Today, however, we received some good news. Las Vegas was the latest city government targeted by cybercriminals, and the attack was unsuccessful. As reported by ZDNet, IT staff detected an intrusion attempt at 4:30 AM on Tuesday, January 7, and immediately took steps to protect all potentially impacted systems.
By Wednesday, the city was back on its feet.
“Following yesterday’s cyber compromise, we have resumed full operations with all data systems functioning as normal,” reads a post on the city’s official Twitter. “Thanks to our software security systems and fast action by our IT staff, we were fortunate to avoid what had the potential to be a devastating situation.”
“We do not believe any data was lost from our systems and no personal data was taken,” it continues. “We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications.”
The nature of the attack is still largely unclear, as is its intended purpose. At this point, we only know two things. First, that the attack was likely delivered via email.
And second, that Las Vegas’s IT department did almost everything right.
They detected the attack almost immediately through their network and email monitoring systems. They isolated the impacted systems the moment they uncovered them. And they kept residents and stakeholders apprised throughout the process.
Other municipalities would do well to follow Vegas’s example, and model their own threat response processes accordingly. Your own IT and security teams could learn a thing or two from how Vegas handled itself, as well.
- Always have a plan in place. It’s clear that Las Vegas had incident response processes in place, given their quick reaction. You would do well to follow their example. Have clear chains of communication for everyone involved in an incident, from external stakeholders to people responsible for the response.
- Network monitoring and proactive security are a must. The more visibility you have into your network and its operation, the better equipped you’ll be to take action when something goes wrong.
- The capacity to air gap compromised systems. This is a must, especially for defending against ransomware. If a device is in any way compromised, you need to be able to disconnect it entirely from your other devices.
- Communication and transparency. Las Vegas was open at every stage of the attack, and at no point were citizens left in the dark about what was going on.
Cyberattacks targeting municipal governments are on the rise. That’s not going to change. Until more governments and businesses follow Vegas’s example, they’ll continue to represent easy targets for criminals.