Four years ago, the city of Atlanta launched a smart city initiative, hoping to improve municipal operations with integrated technology. The future looked bright. And then, in 2018, a ransomware attack crippled city infrastructure. One year and $17 million dollars later, Atlanta serves as a reluctant poster child for the necessity for robust local government cyber security.
In 2019 alone, local governments and hospitals in the United States have reported 140 cyber-attacks. In fact, cyber-attacks have more than doubled since last year. These assaults have destroyed public records, disrupted healthcare and law enforcement and frozen online services.
In a typical ransomware attack, hackers access the municipal network either through a phishing email or by exploiting weak passwords. Once in, they encrypt files throughout the network, demanding a ransom in return for the decryption key. The city can either pay the ransom or restore from a recent backup and completely rebuild the system.
Hackers usually keep ransom demands fairly reasonable in order to encourage payment. However, the FBI recommends that victims refuse to pay. Not only does payment encourage more attacks, but hackers do not always deliver reliable decryption. In addition, they may leave additional malware hidden in the network to do further damage.
A number of risk factors common to municipalities complicate the security landscape. In the first place, local governments report a lack of sufficiently trained cyber security personnel. Governments tend to pay less than the private sector and may experience difficulty attracting and retaining staff with the needed experience.
Secondly, as with many large organizations, municipalities frequently struggle to keep systems up-to-date. In the case of Atlanta, several reports indicated that the city had not applied fixes to known vulnerabilities. In fact, of the $17 million the city spent on recovery, roughly $11 million went to updating computers, tablets and smartphones.
Finally, many municipalities outsource services such as payroll and credit card processing to third parties. However, without adequate risk management procedures in place, the third parties introduce additional vulnerabilities.
Effective cyber security requires investment in personnel, equipment and cyber insurance. And with limited budgets, local officials often prove reluctant to allocate sufficient resources to security efforts. Furthermore, cyber security investment is not a “once and done” effort. Cities must stay up-to-date in order to remain secure.
Consequently, a critical step in improving local government cyber security involves embarking on an education campaign. Voters, politicians and other decision makers must understand the cyber risks involved and the benefits of mounting a proactive defense.
Understanding the numbers can help. For instance, spending $50,000 in planned equipment and software upgrades now can avoid $100,000 in more costly emergency spending when an incident occurs.
Like Atlanta, cities across the country look to technology to solve pressing municipal issues. The internet of things (IoT) offers compelling solutions to untangling traffic snarls and delivering utilities more effectively, for instance. But without a solid security strategy, such efforts come with great risk. Necessary components of an effective security strategy include:
Navigating local government cyber security can prove tricky in the unique municipal environment. When elected officials come and go, a trusted security partner can provide needed continuity.
With deep experience in government IT, eMazzanti can help local governments protect vital municipal services and sensitive data. From risk assessments to system monitoring and comprehensive security strategies, we provide the tools you need.
With a global customer base, eMazzanti Technologies positions engineers and project managers in various locations…
Over a period of three weeks, most of the workforce in the United States found…
Three years ago, Microsoft launched Teams, a powerful component of Office 365 (now Microsoft 365),…
In our new work-from-home (WFH) world, the requirement for on demand video conferencing has exploded…
With the majority of employees working from home this spring, organizations have encountered new challenges.…
The average small to medium business (SMB) has most likely migrated at least some essential…