Hackers know vulnerable systems when they see them, and they also know this: Many government systems are decades old, running Windows 7 and even Windows XP. So it's no wonder why the bad guys have been striking out against them with ransomware attacks in recent months.
Even school districts are getting hit, the most notable being the four districts that were attacked in Louisiana last month, prompting Gov. John Bel Edwards to declare a state of emergency.
To be sure, security teams can take some clear steps to stay secure and/or mitigate such attacks. Best practices include solid patch management, comprehensive phishing and email management education, and privileged access management, according to Phil Richards, CISO at Ivanti, who also advises reviewing the Center for Internet Security's 20 Controls. Additional guidance includes having good backups, reinforcing basic cyber awareness and education, and revisiting and refining cyber incident response plans.
But while an ounce of prevention is worth a pound of cure, attacks can't be fully prevented. The following slides review eight of the most high-profile ransomware cases to hit city governments since last fall.