Florida has become even riskier for security hacks as more Florida municipalities and businesses get hacked. In many cases, data is held for a sizable ransom. Recent cyber attacks on Key Biscayne and Lake City is a clear call to action for greater digital security within municipal governments.
Although the federal government and FBI doesn’t recommend paying ransoms for stolen data . . .
“Regardless of whether you or your organization has decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement,” the FBI explained.
“Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under US law, and prevent future attacks.”
However, municipal governments and businesses in Florida have little choice. For instance, Lake City paid nearly a half million dollars in Bitcoin to cyber criminals to have data recovered.
Key Biscayne, right here in South Florida shelled out the ransom to recover data and software operations as well. And businesses in Florida are not safe either.
Many Municipal Governments And Businesses Not Ready For DevOps
What’s the issue? Are there just more hackers? Yes and no. Many companies and municipal governments are not quite ready to implement DevOps and devops tools used by development teams that ensure the safe development of software and other necessary technology.
In most cases, a DevOps team is haphazardly assembled to simply meet the demands needed at the moment. This is potentially what opens up municipalities and businesses to security gaps and missteps.
Only 46 Percent Of IT Professionals Are Handling Security Risks
According to research by the Sans Institute, “Fewer than half (46%) of survey respondents are confronting security risks up front in requirements and service design in 2018–and only half of respondents are fixing major vulnerabilities.” This is not good.
Not having security risks marked as a top priority, DevOps teams may be sidestepping important security requirements, or simply too busy to handle security risks as they arise.
What Can Be Done To Strengthen DevOps?
Interestingly, the solution to the growing risks of security breaches and leaks begins with simply separating highly secure data from developers. And this doesn’t need to be at the high cost of both time and money.
Data management is a part of Privileged Access Management (PAM), and many municipal governments and businesses in Florida already have it in place. To mitigate risk among DevOps teams, remediate the weakened security guidelines within PAM.
The following DevOps security practices should also be in place.
Make An Inventory Of Privileged Accounts
Municipalities and large companies are running large networks with servers numbering in the thousands. This can cause a lack of inventory of privileged accounts. This often happens when the credentials within the systems are not fully understood and processes are not adhered to.
Since automated processes and scripts are used by DevOps teams, the complexity of managing privileged accounts grows. To combat this, municipal governments and businesses need to audit privileged accounts, make an inventory, and give privilege to assets that are needed.
It Is Critical To Understand DevOps Teams And Data They Access Or Release
Normally, municipalities and companies think secure data can only be accessed via server access. However, within DevOps, this is not necessarily true. If a user with a privileged account inputs certain code, it falls into the DevOps pipeline, which may be accessible by many people.
Wrapping Up . . .
Lake City shelled out nearly $500,000 to obtain data and software operations back from cyber criminals. That is a lot of money for any municipal government or business.
Being mindful about cyber attacks and taking the proper steps to thwart attacks is a must. Not only for your city or company, but also for those in which those cities and companies serve. Is security a priority for you?