Ransomware victims rising in local government...

in posh •  5 years ago  (edited)


Ok, right off the bat I must admit that I'm guessing here but my subjective assessment is exactly that!

How can it be that there's hardly ever a week without another local government that's admitting it's struck by a ransomware attack?

I'm sure it's not only me wondering if these local government IT departments are throughout run by people that aren't aware of the risks and that haven't done anything to protect themselves from ransomware attacks?

Is this a lack in funding or a technical competence issue?

From protective measures like awareness trainings to simply sufficient data backup over the use of possibly virtualization technology, are these all things that aren't known in such IT departments?

However, here's that latest article on this matter that writes about

"On Friday, the US city of New Orleans became the latest local government to be held hostage to ransomware."

https://nakedsecurity.sophos.com/2019/12/17/ransomware-seized-new-orleans-declares-state-of-emergency/

What do you think? Am I wrong to expect something to happen possibly via a nationwide government support for such IT operations to prevent further "successful" ransomware attacks?

I'm sorry but imo this is one of the most impressive displays of wasting taxpayer dollars again and again across the US of A.

...and it's surely not limited to the US because there are regulations in place to force making known such kind of cyber attacks in the US and not all other countries have such regulations.

So, I assume that the dark figure of such ransomware attacks is much higher worldwide and of course in other areas like commerce and so on.


Let me read your 2 sats on this down in the comments!

Cheers!
Lucky


Is this a lack in funding or a technical competence issue

I think many times it is both.

Is this a lack in funding or a technical competence issue?

Personally, I fear it is a combination of the two factors.

In the case of the government institutions I know, the budget for backups, supervision and data security is something that goes from minimum to non-existent, while the staff is in a situation that goes from near demotivation to complete negligence.

I should point out that not all members of the technical staff are like that, in fact I know some people who really want to do their job well, but they encounter the strangest bureaucratic obstacles and the obtaining of part of colleagues who are not interested in having their lack of productivity noticed (you know, if next to a lazy person you put a person who works, the laziness becomes much more noticeable), so they sabotage those who want to do their jobs and end up creating a very strange environment.

Hello @pedrobrito2004,

thanks for your comment! As always, and I love this, very thoughtful and on point!

Yes, sure enough a major part in my profession is to stay on top of all the regulatory and compliance stuff as well as setting up a functioning and right-sized information security management system in alignment with general IT operations and all other stakeholders throughout the organization, and last but not least making sure to get a leveled budget for protective measures and projects.

It's a little like juggling with many balls. Hahaha!

In many situations that I was confronted with in my consultant job at least (I'm working employed in information security as an information security officer and self-employed "on the side" in "security fire fighting", security assessments, security projects) the damage had already happened to some degree, which makes it easier to get executives in a room to listen to some suggestions.

Sadly, many need at least one bloody nose, some even more than that, to even think about information security and opsec.

Staffing, ensuring adequate competency, funding and so on has to be taken care of, ideally before people are too frustrated to give up on it.

Cheers!
Lucky

That the leaders need a direct blow to wake up, and that there are still cases in which they refuse to wake up and act to solve the problems, is something that sounds familiar to me. Although it is also something you can find throughout the history of various civilizations. It seems that as the leaders are here to maintain the status quo and not to advance to the future, they do not accept to do anything that changes things even when that change is to improve and give greater security.

It has to be qualifiable and quantifiable. That's what I learned a long time ago when dealing with executives. Make your case understandable and most importantly do a thorough job when it comes to realistic estimations in regard to possible damages. But this means you have to do your homework. No shortcuts and blanket arguments. Understand what it is worth that you try to protect and align the protective measures to these price tags. That's something most executives understand very clearly. Dollars! Hahhaha!