Cyber Attacks on Municipalities Underscores Urgency of Defeating Cybercriminals
This summer brought more than just blistering heat; cities across the country felt the pressure of devastating ransomware attacks. More than 40 municipalities, including 22 in the state of Texas, were the victims of cyberattacks. Major cities like Baltimore and Albany, as well as smaller towns like Lake City, Florida, were attacked by cybercriminals holding data and systems hostage with ransomware.
Exploiting big business is nothing new. The Old West was full of train robbers looking to make off with payroll and other valuables. But these modern-day criminals have come a long way since the James-Younger Gang and Butch Cassidy. Today, cybercriminals are targeting small-town America in the hopes that these cash-strapped government organizations have lax security measures and the inability to rebuild infrastructure after an attack. Lake City, Florida, for example, paid nearly $460,000 in bitcoin, assuming that it would be less expensive than reconstructing its systems.
Information is Key
The rate of ransomware attacks on public-sector targets this year is outpacing last year and not showing any indication of slowing down. Many of these cash-strapped governments are looking for new ways to protect themselves from cybercriminals. Getting a handle on cybersecurity issues begins with information. Identifying vulnerabilities allows local governments to direct resources toward weak links. For municipalities that outsource payroll and credit card processing, conducting due diligence on the third-party provider’s security protocols is often overlooked. Local agencies must also conduct an audit of their internal security controls, including penetration testing of cyberdefense systems. Many are even looking to state governments to assist in cybersecurity audits on the local level. Washington state, for example, funds testing of local agencies’ systems that includes various performance and cybersecurity audits.
Awareness is Critical
For many local governments, the gravity of having a solid cybersecurity plan in place isn’t recognized until after a breach occurs. Governments need to increase awareness throughout the agency and get in front of issues that have historically received little attention. Phishing and ransomware attacks typically go unnoticed by IT teams and system administrators, so agencies need awareness training to keep staff up-to-date on the latest exploits and reduce the number of potential threats.
High-profile attacks on municipalities underscore the urgency of leveraging information and technology to defeat cybercrime. Yet keeping cybersecurity at the forefront of priorities is a challenge for small governments. LanYap Networks can help. Just give us a call!