Cybersecurity teams working in municipal settings face a constant struggle — protecting vital public network infrastructure with limited resources. The situation can reach a breaking point when these teams become overwhelmed managing false positive and negative flags triggered by legacy cybersecurity solutions.
At the same time, U.S. cities are increasingly targeted by cyber criminals. In its 2022 “State of Ransomware” study, Sophos reported that ransomware attacks on local governments increased by 70% for 34-58% of those surveyed, and that those attacks were more expensive than ever, with five- and six-digit ransom demands becoming the norm.
In many ways, cyber attacks on cities pose serious, potentially fatal risks. After all, these networks manage vital services like power grids, water treatment facilities and emergency response. All too often, city employees operate outdated, legacy systems. And, because city budgets are typically quite limited, it’s critical for IT teams to source cybersecurity solutions that work and, ideally, allow analysts to break free from repetitive, mundane tasks like sifting through false positive and negative flags.
3 Ways False Positives and Negatives Put Cities At Risk
1. Staffing and efficiency suffer.
At best, cybersecurity analysts put in hours of work that could have been dedicated to more meaningful tasks when an alert turns out to be a false positive. At worst, true cybersecurity threats can be missed when busy IT departments aren’t able to spare the resources needed to examine every potential threat.
A policy that encourages employees to disregard security threats, no matter how small, can leave city and public resources vulnerable to data privacy breaches and other cyber attacks.
2. Novel threats are missed.
Legacy systems often include outdated rules-based platforms that fail to uncover novel threats, which may not be discovered until the damage is already done — especially when staff attention is being diverted to sifting through mountains of flagged potential threats.
3. Communications breakdowns cause dangerous delays in response time.
Many cities have little choice but to work within a network architecture cobbled together as a patchwork of disparate legacy systems across various departments. Sometimes, this means false positive and negative flags are coming from multiple, disconnected places. It’s all too easy for true positive flags to fall through the cracks in this scenario.
The good news is that an effective solution is within your reach. Advances in cybersecurity have led to a new generation of smart technology that can help you proactively combat the issue of false negatives and positives.
How Can You Combat False Positives and Negatives?
There are several approaches to consider when it comes to reducing the number of bogus security threats impacting your city, including network analysis, enacting policies that reduce the opportunity for cyber attacks, beefing up your overall security measures, and taking a look at how modern AI technology could help.
Analyze Network Traffic
Look through information in your network logs to spot unfamiliar usernames, odd connection details, and suspicious trends in the duration and frequency of communication to uncover security threats the old-fashioned way. You may be able to detect more false negatives than if you hadn’t looked, but this process is prone to human error and can become time-consuming.
Limit Network Access on IoT Devices
As a matter of protocol, consider implementing policies that limit the network access of IoT devices, especially those in the field used to communicate with centralized city resources like emergency response centers.
These devices have become common targets for cybercriminals looking for a way in, and they typically don’t require much access to function properly. When IoT devices have restricted/limited network access, your security software is more likely to recognize unusual behavior and should issue more accurate alerts.
Use Web Application Firewalls
A large percentage of data breaches are targeted at web application vulnerabilities. While the commonly-deployed Web Application Firewall can reduce these instances, this type of firewall can hog network resources when used to detect false negatives and positives. The related slowdown can reduce the firewall’s effectiveness in quickly alerting staff to authentic threats or slow network traffic to an unacceptable level.
Research Artificial Intelligence Solutions
MixMode tackles the problems associated with false positives and negatives through the power of modern AI advancements. The platform’s context-aware AI monitors your network to gain a baseline understanding of your systems and how they have been used.
MixMode is smart enough to learn about your network and accurately sort and prioritize security warnings so municipal IT teams can tackle real threats as they emerge. You’ll have fewer security threats to analyze manually because the AI will have identified false positive and negative threats.
Reducing the number of false positives from the start can save you needless headaches. Your analysts will feel energized and refocused when they can make better use of their talents. You may even notice an uptick in productivity.
Equipping your network security team with a tool that will help them better analyze emerging trends and widespread security threats will leave your city infrastructure less vulnerable to actual security breaches. The MixMode interface is intuitive, robust, and is always updated with the most up-to-date security data available.
No Security Program is Perfect
While it would be impossible to fend off every false positive and negative security threat, modern solutions utilizing modern tech (like MixMode’s context-aware AI) can greatly reduce the number of threats that need further investigation. MixMode can even help you better protect legacy systems and improve the way disparate systems communicate with each other.
What was once a stressful, labor-intensive task can become a manageable, productive process, contributing to more efficient IT teams and ultimately, safer, more secure cities.
Other MixMode Articles You Might Like
Cybersecurity Awareness Month Focuses on the “People” Part of Cybersecurity
Case Study: How a Major U.S. City Rapidly Modernized Its Cybersecurity Defenses
Webinar On-Demand: State of InfoSec Q3 2022