State & Local Government

Victim: Jenni

Role: Employee for City of Grentsville.

Mistake: Opens an attachment in an email that seems to come from a city vendor.

Result: The malicious attachment unleashes a ransomware attack that infiltrates the city’s network and brings down its technology systems.

Consequences:

• City services are shut down until city workers can resolve the crisis
• Residents cannot pay bills or start/stop services.
• Negative financial impact due to delayed revenue and costs to restore systems.
  
  

Jenni’s Options:

1. Pay the Ransom - No Guarantees

• Files still encrypted? Not fully accessible?
• Stolen data sold or exploited?

2. Rebuild Servers from Data Backups

Ransomware By The Numbers:

• 

  $7.5B+

  US ransomware attacks, 2019 costs

• 

  $8.1M

  Average cost of a ransomware incident

• 

  287 days

  Average time to recover from an attack

Easy to Perform and A High Probability of Success

Victim: Andy

Role: Payroll Administrator for the City of Hopskips.

Mistake: Receives an email ‘from a vendor’ with a detailed invoice and instructions to use an updated account/routing number; initiates the wire transfer for the balance owed.

Result: Transfers money directly to the hacker.

Consequences:

• Money that was meant to pay for services rendered is lost; the City cannot recover it.
• An already tight city budget requires programs to be cut to offset the financial loss.

Phishing Attacks Are Becoming More Sophisticated

• Public records enable hackers to launch ‘realistic’ attacks.
• Untrained employees are more likely to fall for such scams.

Data Breaches By The Numbers:

• 

  $8.1M

  Average cost of a data breach for Education (U.S.)

• 

  $3,533

  Average cost of a data breach per employee

• 

  $142

  Average cost per record breached for Education

94% of Organizations Experiences a Phishing Attack

Victim: Connor

Role: Employee at a state agency.

Mistake:

Receives an email ‘from IT’ to update his log-in credentials; clicks on the link and enters his information on a website that looks legit.

Result: The hacker uses stolen credentials to access the state’s network.

Consequences:

• Hackers steal usernames and passwords used to access other government servers.
• Hackers access/leak government secrets.
• Hackers steal employee and state resident personal identifiable information (PII).
  
  
  

User account information from government employees can be:

• Sold on black market for significant financial gain
• Leveraged by nation-state hackers for espionage or sabotage

Data Breaches By The Numbers:

• 

  86%

  Threats and data leaks that start with an employee

• 

  59%

  Organizations suffer negative impacts from an email-borne attack

• 

  97%

  People can’t identify a sophisticated phishing attack

90%+ of security incidents involve human error