Business View Magazine | September 2020

281 BUSINESS VIEW MAGAZINE SEPTEMBER 2020 Palindrome Technology Addresses Cybersecurity for Municipalities Ransomware attacks on municipalities and comparable organizations are more frequent than ever. Municipalities face a wide range of cybersecurity threats against operational, financial and control systems. This challenging environment is further complicated by budget realities commonly faced by municipal institutions that can result in inadequate spending levels on technologies, personnel, and process formalization. Our approach in mitigating these threats is process-driven rather than product-driven. The process incorporates active testing and security analysis of security controls along with network monitoring to detect malicious activity. Prevailing threats to municipalities include the vast array of threats faced by all internet- connected enterprise organizations, but also industry-specific concerns. Municipalities are therefore required to perform tech-industry standard activities to identify, control, and monitor cyber risks, but to also monitor the threat landscape continuously. While cyber-adversaries historically attacked targets of opportunities, today’s attackers are more sophisticated, including state sponsored actors who choose targets based on perceived value of information or computing resources that may be gained via successful breach. Information on general cybersecurity threats abounds, in large part due to regulatory and industry resources and guidance, as well as a relatively robust environment for cybersecurity tools. The challenge for municipalities is harnessing available resources and acting upon threat information, which may be made difficult as a result of historically low IT and cybersecurity staffing levels and budgetary constraints. Threat and vulnerability data collected (for 4 weeks) from a cybersecurity study on 11 municipal networks conducted by Palindrome in 2018 revealed that, as organizations grow, so does their IT budget, but the organization also becomes more vulnerable due to a lack of investment in cybersecurity resources. Municipal-specific concerns may present the greater challenge. Information resources may actually have higher value to some attackers than traditional financial and customer information records. For example, information gathered and stored by law enforcement and judiciaries should be expected to be highly sensitive, particularly data related to criminal prosecutions that are subject to individual privacy concerns as well as confidentiality, such as related to eyewitness testimony. High profile cases may draw in sophisticated, global threat actors. Threats may potentially seek to impact confidentiality, integrity (e.g. attackers modifying municipal data), and availability (e.g. attackers delete or ransom municipal data). Maintaining a strategic distance from computerized correspondence is not really an alternative in this day and age. The best way to ensure protection against digital communication and not succumb to these attacks is to work with cybersecurity in a consistent and organized manner. ...... For more information, please visit our website www.palindrometech.com 100 Village Court, Suite 300, Hazlet, NJ 07730 USA | info@palindrometech.c

RkJQdWJsaXNoZXIy MTI5MjAx