As part of Seven Hills' 2020/2021 operations, the city participated in a review by Ohio state regulators, who identified gaps in their Cyber Security controls, including security awareness training, cyber risk management, and cybersecurity incident response. Based on the findings, Seven Hills requested assistance from Warwick in meeting their compliance obligations. The Warwick Security Services team was chartered to draft a city-wide Cyber Security Policy, help Seven Hills map their existing Warwick services and internal practices to their newly identified gaps, and make best-practice recommendations for the future direction of Managed IT and Cyber Security with the city.
The City of Seven Hills is a small bedroom community in Northeast Ohio. The municipality’s IT initiatives are currently led by the City Services Director and supported by third-party technology providers, working to further develop Seven Hills IT management and Cyber Security response programs. During 2020, Seven Hills also joined the community of North East Ohio organizations supported by Warwick technology services.
Identify and Detect
During Q1 of 2021, Warwick provided a draft Seven Hills Cyber Security Policy, which was accepted by the city. The policy was structured around the US National Institute of Standards and Technology (NIST) Cybersecurity Framework. NIST describes five core functions – Identify, Protect, Detect, Respond, and Recover – and the city’s new policy included descriptions of the relevant controls chosen by the city in each category to provide alignment with this nationally recognized Cybersecurity Framework.
In March of 2021, shortly after completing the Cyber Security Policy, Seven Hills was able to test some of their new controls in a real-world event: on March 2, 2021, Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server around the globe.
Over the next few days, over 30,000 organizations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware, giving the cybercriminals ongoing administrative access to the victims’ servers. The City of Seven Hills was among the targets of these attacks.
Protect and Prevent
Through a combination of both active management of Seven Hills IT Infrastructure and awareness of malicious threat intelligence, Warwick was able to rapidly connect the Microsoft-announced threats to the at-risk technology footprint at Seven Hills. Contact was made with the Seven Hills IT Coordinator to activate the recently established Cyber Security Incident Response process in order to manage the risk of malicious attackers compromising the City’s Microsoft Exchange Server.
The City’s email system was assessed for evidence of attack or exploit, and Microsoft-recommended follow-up actions were taken to verify the integrity of their overall IT Infrastructure. The IT Coordinator was able to keep City Management well informed while soliciting critical decision-making from stakeholders based on technology and security advisory provided by Warwick. Within a few days, the City was able to close the incident, having responded and mitigated their immediate risks, and set appropriate plans for future prevention.
By leveraging their new security policies and their new, simple Cyber Security Incident Response process flow, the City was able to effectively activate expert resources from the Warwick technology team and contain their incident, while empowering the Seven Hills IT Coordinator to make critical decisions, report status, and assure City Management that the incident was being handled appropriately from both a technology and communications perspective.
Respond and Recover
As a follow-up to this security incident, the City worked with Warwick to evaluate strategic options to further reduce risk of similar future events. With Warwick Managed Services advisory and Microsoft recommendations, the City chose to advance plans for technology modernization, including the further adoption of managed Cloud services offerings from Microsoft. These choices provide the City flexibility, scalability, and resiliency on their core IT infrastructure while reducing the risks and impacts of future security incidents by leveraging best-of-breed Microsoft Office 365 cloud technologies and best practices in security management.
The Cyber Security Cycle
By leveraging strong technology risk practices and the NIST cybersecurity framework, the City of Seven Hills was able to Detect, Protect, and Respond to their incident effectively by following their Cyber Security.