How cities can guard against ransomware attacks

By the numbers: The International City/County Management Association found that roughly 30% of local governments don't know how often their systems are attacked.

• Of those that could, an alarming 60% said they were being attacked on a daily — if not hourly — basis. 

What's happening: When a city is attacked, critical services such as tax management and permit approval can be halted as city officials decide whether to pay a ransom or rebuild a system.

• Paying ransom can quickly restore operations, but nearly 60% of citizens object to such action.
• Riviera Beach, Florida, recently paid attackers around $600,000 to regain access to its systems.
• Rebuilding a system, meanwhile, is typically more expensive and can take months. 
• Baltimore chose not to pay a ransom and has instead spent over $5.3 million in restoration costs. City officials have estimated that a complete recovery will cost over $18 million total, including lost revenue.

What's needed: Residents largely do not want municipal funds paid out to hackers, so if cities are going to rebuild, their new systems should have built-in defenses.

• A cybersecurity policy gaining traction among municipalities is Zero Trust, which operates on the assumption that anything inside or outside of a corporate network including data, devices, systems and users is a security risk.
• How it works: In a Zero Trust system, administrators use technologies including end-to-end encryption, multifactor authentication, identity access management and analytics to control access.

What to watch: The U.S. government is starting to invest in Zero Trust pilot programs, including a recently announced project with the Defense Information Systems Agency and U.S. Cyber Command. 

Alan Duric is the co-founder and CTO/COO of Wire, a secure collaboration platform.