Many of you likely caught the latest cyber attack that crippled a majority of the city and forced Atlanta into cyber chaos last weekend. This latest attack, on the Southeastern U.S. hub, disabled much of the digital workplace and had some workers reverting to paper and phones.
So, is this going to be the new norm in America now? How should cities brace for this sort of attack? Our own Todd Inskeep, from the RSA Conference Advisory Board, weighed in recently with his thoughts:
What does this mean?
Cities are just the latest "small business" to find themselves on the wrong side of the cyber poverty line with an accumulated information security debt that's coming due. A surprising number of large companies and an unsurprising number of small and medium-sized businesses have failed to invest in cybersecurity as the threat and risk landscape has evolved over the last several years.
Is this an isolated incident?
Atlanta is just the latest visible victim. The root of the issue: it's ransomware, and it likely came in through a phishing attack. Charlotte, where I live, had a ransomware issue in December, followed by the neighboring county in February. Baltimore and Denver were hit recently, along with cities in Alabama, Tennessee and New Jersey.
What to do?
Protection mechanisms for both phishing and ransomware are well known. Implementing those mechanisms requires funding and thoughtful implementation based on company architectures. The use of cloud-based services generally helps, but requires attention to the details of configuration and implementation, as we've seen.
What I’ve begun looking into and suggesting is adjusting the monoculture problem that most organizations have around Windows. As many organizations found during WannaCry and NotPetya in 2017, the loss of access to Windows machines means loss of access to critical documents, as well as broken systems and processes. When the systems that 90% of your organization depends on are inaccessible, your organization will go down fast. Mobile phones have become indispensable and may provide a backup for critical information like phone numbers. For other business applications, phones often access information stored on Windows-based servers or use Windows-based access tools.
Switching away from Windows isn't a real option, but having some diversity, such as Mac and Linux servers, Mac-based laptops, Chromebooks, iOS tablets and Android tablets spread around the organization, could be critical to maintaining operations in future attacks. The limitations of dependence on Windows were laid bare by NotPetya's spread and impact on corporate operations, including manufacturing operations.