Four years ago, the city of Atlanta launched a smart city initiative, hoping to improve municipal operations with integrated technology. The future looked bright. And then, in 2018, a ransomware attack crippled city infrastructure. One year and $17 million dollars later, Atlanta serves as a reluctant poster child for the necessity for robust local government cyber security.
In 2019 alone, local governments and hospitals in the United States have reported 140 cyber-attacks. In fact, cyber-attacks have more than doubled since last year. These assaults have destroyed public records, disrupted healthcare and law enforcement and frozen online services.
In a typical ransomware attack, hackers access the municipal network either through a phishing email or by exploiting weak passwords. Once in, they encrypt files throughout the network, demanding a ransom in return for the decryption key. The city can either pay the ransom or restore from a recent backup and completely rebuild the system.
Hackers usually keep ransom demands fairly reasonable in order to encourage payment. However, the FBI recommends that victims refuse to pay. Not only does payment encourage more attacks, but hackers do not always deliver reliable decryption. In addition, they may leave additional malware hidden in the network to do further damage.
A number of risk factors common to municipalities complicate the security landscape. In the first place, local governments report a lack of sufficiently trained cyber security personnel. Governments tend to pay less than the private sector and may experience difficulty attracting and retaining staff with the needed experience.
Secondly, as with many large organizations, municipalities frequently struggle to keep systems up-to-date. In the case of Atlanta, several reports indicated that the city had not applied fixes to known vulnerabilities. In fact, of the $17 million the city spent on recovery, roughly $11 million went to updating computers, tablets and smartphones.
Finally, many municipalities outsource services such as payroll and credit card processing to third parties. However, without adequate risk management procedures in place, the third parties introduce additional vulnerabilities.
Effective cyber security requires investment in personnel, equipment and cyber insurance. And with limited budgets, local officials often prove reluctant to allocate sufficient resources to security efforts. Furthermore, cyber security investment is not a “once and done” effort. Cities must stay up-to-date in order to remain secure.
Consequently, a critical step in improving local government cyber security involves embarking on an education campaign. Voters, politicians and other decision makers must understand the cyber risks involved and the benefits of mounting a proactive defense.
Understanding the numbers can help. For instance, spending $50,000 in planned equipment and software upgrades now can avoid $100,000 in more costly emergency spending when an incident occurs.
Like Atlanta, cities across the country look to technology to solve pressing municipal issues. The internet of things (IoT) offers compelling solutions to untangling traffic snarls and delivering utilities more effectively, for instance. But without a solid security strategy, such efforts come with great risk. Necessary components of an effective security strategy include:
Navigating local government cyber security can prove tricky in the unique municipal environment. When elected officials come and go, a trusted security partner can provide needed continuity.
With deep experience in government IT, eMazzanti can help local governments protect vital municipal services and sensitive data. From risk assessments to system monitoring and comprehensive security strategies, we provide the tools you need.
Cyber threats never take a day off, never clock out and go home at the…
Building, deploying, and managing applications via Microsoft's global network of data centers is easier with…
Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…
Making things happen is the art and science of project management. The process involves managing…
In today's fast digital life, website performance is important, as it holds visitors and ensures…
The FBI reported that cyber attacks against government facilities saw an increase of almost 36…