Water Supply Attack Illustrates Security Lessons for Municipalities

During the first week of February in Oldsmar, Florida, a hacker tried to poison the city’s water supply by increasing the amount of lye to dangerous levels. While the city fended off the attack, it’s still scary to contemplate what hackers can potentially do in 2021.

An attack on your water supply may not be one of your daily worries. However, if we look at some elements of the attack analyzed by a Cybersecurity and Infrastructure Security Agency (CISA) alert, we will see some areas of concern that overlap with your municipality’s cybersecurity strategy—or lack thereof.

1. Password security

Poor, unenforced password policies are one of the most common vulnerabilities for municipalities. Passwords are often simple (“123456”), shared (such as administrative passwords shared among employees), rarely changed, and reused across many applications. Hackers have long been able to use automated software to hack into systems with common or breached passwords.

A password policy that requires the use of complex, unique, frequently changed passwords strongly positions you against a hack. Even better, Two-Factor Authentication (2FA) will require another step (such as inputting a code sent to your phone) that makes it difficult for a hacker to enter your systems.

2. Outdated operating systems

As of March 2021, about 16-17% of devices use Windows 7—an outdated operating system no longer supported by Microsoft. That means it’s likely many municipalities still use Windows 7. When you use an outdated operating system, you are no longer receiving security patches to shore up cybersecurity vulnerabilities. Hackers know this. They look for municipalities running outdated operating systems and exploit those systems based on widely known vulnerabilities. Maintaining an up-to-date operating system is critical for your cybersecurity.

3. Social engineering

In its alert, CISA talks about the malicious use of TeamViewer, software that allows people to remotely access and control your desktop. Obviously, use of this software can often be legitimate. However, when phishing emails and social engineering tactics are used to trick an employee into giving a hacker remote access to their computer, a lot of damage can occur once the cybercriminal is inside your network. It’s imperative that you regularly train your employees about common phishing tactics, scams, and social engineering tricks while reminding them about policies related to downloading unauthorized software.

4. Investments in security

Many proactive tools exist to help prevent cybersecurity attacks before they happen. In its alert, CISA recommends strong antivirus software, antispam software, and firewalls. We would go a step further and recommend Advanced Endpoint Detection. Modern antivirus software is often ineffective, by itself, against sophisticated hackers. Advanced Endpoint Detection adds an important layer of protection that helps you more proactively prevent cyberattacks while quickly isolating infected devices so that malware doesn’t spread throughout the rest of your network.

5. Security oversight

Tools are great but often ineffective without professional oversight. In its alert, CISA recommends audits that cover network configurations, Remote Desktop Protocol (RDP) security, the isolation of unsecure devices from your network, and the observation of user activity so that suspicious access can be quickly suspended. Activities such as user authentication monitoring, intrusion detection/prevention, security scanning, and Dark Web monitoring can all ensure that critical municipal operations are secure.
