By Cole Two Bears, Director of Managed Security, VC3
Hackers continue to relentlessly attack local governments, looking for any weaknesses to exploit. While municipalities can lack the resources needed to stay on top of some important cybersecurity best practices, many of these best practices are straightforward, easy to implement, and end up having a big impact on whether a cyberattack succeeds or not.
One of the clearest best practices, and one that municipalities most commonly overlook, is software patching. If a software vulnerability is already known and that vulnerability is not patched, then you’re an easy target for a cyberattack.
If patching can prevent ransomware attacks, then why don’t municipalities do it more often?
Common reasons include:
- Old legacy systems: Inevitably, vendors stop upgrading specific versions of software and offer newer, more secure versions. Yet, municipalities often run older systems, such as end-of-life software or obsolete operating systems, that no longer receive patches.
- Resource constraints: Municipalities with limited budgets and IT resources may struggle to keep up with the constant stream of patches from software vendors.
- Fear of disruption: Municipalities may fear that applying patches will disrupt critical operations or cause downtime.
- Lack of awareness: Some municipalities may not have a clear understanding of the importance of patching or may be unaware of specific vulnerabilities that require attention.
- Third-party dependencies: Municipalities that rely on third-party software or services may be dependent on those providers to release patches. Delays can occur if third-party vendors do not promptly address vulnerabilities.
Despite these concerns, the risks and dangers from failing to proactively manage technology patches and updates are simply too great to ignore. Ransomware and software patching are closely connected because software vulnerabilities are a common entry point for ransomware attacks.
Let’s look at the key issues related to patching and what you need to do to counter the efforts of ransomware attackers.
Software Vulnerabilities
First, it’s important to address the root issue behind the need to patch—software vulnerabilities. Software—including operating systems, applications, and security software—is rarely created perfectly. Nearly all software contains weaknesses or flaws in the code. Ransomware attackers routinely exploit vulnerabilities in software or operating systems to gain access to a computer or network. At any given time, there is a race between hackers who discover vulnerabilities and software developers who create fixes (or patches) for the vulnerabilities.
Patching and Updates
Unfortunately, patches aren’t automatically applied to your software. The process is still a bit cumbersome and inefficient, especially when you own on-premises systems, software, and applications. Software vendors regularly release patches and updates to fix known vulnerabilities. Ideally, IT professionals apply these patches using a patch management strategy and process.
Ransomware attackers actively search for systems without the latest security patches. We often get the question, “Why would cyberattackers be interested in my small city or town?” This is why: cyberattackers often use automated scanning software to identify these unpatched systems.
When the attackers find an unpatched system, they exploit the known vulnerability to gain initial access. Once inside your system, they can then deploy ransomware to encrypt data and demand a ransom.
By regularly applying patches and updates, you protect your systems from known security threats that attackers could otherwise exploit. Some additional benefits of patching include:
- System stability: Patches also help fix bugs and issues that can affect productivity. Like maintaining a car, software needs tuning and repair. Patches help keep your technology “car” in good driving shape.
- Software performance: In addition to helping your software simply function, patching also leads to new features and improved performance. Software vendors continually add updates, features, and functionality that help make your work easier.
- Avoiding permanent data loss: When software breaks, malfunctions, or gets hacked, you risk data loss. Not patching threatens access to valuable data that—without proper data backup and disaster recovery—may get permanently lost.
Unknown Vulnerabilities
In some cases, ransomware attackers may exploit zero-day vulnerabilities, which are vulnerabilities that are not yet known to the software vendor or the public. These attacks are especially dangerous because there are no available patches or fixes when the vulnerability is first exploited.
Once such a vulnerability is disclosed and a patch becomes available, timely patching is critical because attackers often act quickly to exploit newly disclosed vulnerabilities. Organizations that delay applying patches are at a higher risk of falling victim to ransomware attacks.
Even if you’re completely on top of your patching, a small window of time may exist between when hackers learn about a vulnerability and when the vendor provides a patch. In those cases:
- Make sure you’re using endpoint detection and response (EDR). This tool—which is now as essential as antivirus software used to be—uses artificial intelligence to detect abnormal activity on your devices. Any compromised device is immediately removed from the network in an attempt to isolate any exposure until an IT professional can assess the situation.
- Leverage built-in security tools within your email software. For example, Microsoft 365 offers tools that can detect an existing threat such as a virus and put controls in place to prevent or limit an attack.
- Train employees. To combat cyberattacks that rely on social engineering, ensure that you’re regularly providing cybersecurity awareness training to employees. Many low-cost, engaging security awareness training options now exist.
- Back up your data and create a disaster recovery plan. In a worst-case scenario, where a cyberattacker exploits a vulnerability and causes a disaster, you need to quickly become operational again. Having both onsite and offsite data backup components, tested periodically, will help ensure you can recover after an attack.
Good cybersecurity hygiene includes keeping all software up to date with the latest patches. This practice is fundamental to reducing your attack surface and mitigating the risk of ransomware infections.
To protect your city or town, ensure your IT team is prepared to guard against cyberattacks by keeping your computers patched, protected, and healthy.