New Orleans. Johannesburg. Redcar & Cleveland. Three very different places, all unified by one experience – ransomware. In the past six months, these three municipalities have joined the growing list of cities hit by automated, machine-speed cyber-attacks. And as the global workforce goes remote, municipalities are fast realizing that downtime is simply not an option. Yet ransomware forces just that, leaving cities with no choice but to take vital services offline – reducing some workers to the old-school methods of pen and paper. And with these types of attacks doubling in 2019, cyber security has pushed itself right to the top of every municipality’s priority list.
Disruptive to any organization, ransomware’s consequences can be particularly severe on local governments. Interruptions in digital connectivity mean cancelled hospital operations, scrambled emergency responses, and disorganized public services – the list goes on. At a time when these are more important than ever, avoiding ransomware attacks is of paramount importance. A robust cyber security posture is a must. Yet, with a single email often being the point of entry for ransomware, organizations are having to be increasingly inventive in their protection methods.
Many municipalities have first-hand experience with attacks from the inbox. In the case of New Orleans, an employee clicked on a well-disguised phishing email – a simple mistake costing $7 million. This figure will likely continue to grow, with loss of profits due to operational downtime, the expense of rebuilding the network, and the task of salvaging any data adding up exponentially. Local governments need to prepare for the reality that it is not a case of if, but when, a cyber-attack will hit. And cyber security measures are even more vital now due to the aging and increasingly vulnerable technological infrastructure that most local governments operate.
The problem doesn’t start and end in the public sector, however. The uncomfortable reality for cyber security professionals across all industries is that distinguishing between genuine and malicious emails is becoming much harder due to the sophistication of attackers. Automation has turbo-charged ransomware attacks, making them appear contextually and socially legitimate. And AI-powered attacks are not far off, meaning malicious emails will soon be able to slip seamlessly into ongoing conversation threads without anyone noticing. The only way to fight back against these threats is with AI.
As such, pitting machine against machine is no longer relegated to the realm of science-fiction fantasy but is a present necessity. Attacks on local governments will become faster than ever before, with municipalities rolling out 5G and implementing IoT sensors for traffic control, litter collection, and even water reclamation systems – exponentially widening the threat surface as a result.
Security has experienced a paradigm shift in recent years with the advent of the ‘immune system’ approach to securing cyber environments of all kinds. Based on an understanding of ‘self’ for every user and device on an organization’s network, this technology uses self-learning AI algorithms to learn the unique DNA of a given organization. Operative across the entire digital business, an immune system approach in the email environment comes with a holistic understanding of what constitutes normal – as opposed to malicious – activity in the cloud, OT, and corporate network. And with AI’s ability to autonomously evolve its definition of ‘normal’, this knowledge is always up-to-date.
This technology, introduced to the market by Darktrace, is also operative in the email environment. Here, Darktrace’s Cyber AI is able to distinguish whether it would be unusual for a user to receive specific emails, and if so, take autonomous action to neutralize the threat. Identifying the most subtle signals of attack, this technology is operative at all stages of an email’s lifecycle – its delivery, opening, and reply. Suspicious communications are autonomously held back for investigation, malicious attachments are converted into harmless PDFs, embedded links are locked, and even data exfiltration via the outbox is spotted and stopped. Darktrace’s Cyber AI for Email comes armed with contextual understanding – enabling surgical precision when eliminating threats, seconds after they emerge.
To combat threats in the email environment, adaptability and innovation are crucial. Municipalities need to step up and arm themselves with an autonomously-responding AI system, taking the advantage back from the attackers – and thereby keeping the power and data firmly in local governments’ hands.