With 45% of ransomware attacks targeting municipalities, something must shift the needle.
Municipalities face the risk of persistent cyber-attacks in every direction. From embedded malware in file attachments, malicious code uploaded via removable media, and the endless risk of viruses and dubious data uploaded via self-service/ file transfer portals, municipalities, and local governments are increasingly in the crosshairs of hackers, state-sponsored cyber campaigns, and opportunist looking to cash out at the expense of local coffers.
Much like in the physical battlefield, the only way the manage the risks and prioritize threats is through triage. In the case of municipalities that means focusing on ransomware and its devastating effects to secure data and vital resources needed to keep communities operating.
Why are municipalities so vulnerable to attack?
Municipalities have become a beacon to cybercriminals due to their role as a storehouse to vast swaths of private data which are more often than not poorly protected by out-of-date security protocols littered with excessive systems admins and countless security gaps. The data, ranging from tax information and voting records to social security numbers, and everything in between, if compromised can result in extensive financial liability to the municipality and far greater loss to the individuals.
Further exacerbating the situation, municipalities by law are required to be transparent and provide their constituency with vast data points on any number of vital services or projects they may implement. While the public may appreciate this consideration, hackers have capitalized on this obligation to exploit the public infrastructure for personal gains.
“Because local governments maintain sensitive personally identifiable information, they have a fiduciary duty to safeguard that information. As large-scale data breaches continue to make headlines, local governments must make cybersecurity a priority.”
Between the financial obligations and the massive and publicly embarrassing cyber-attacks which have plagued cities for the past 5 years, many prominent voices are demanded broader municipal cyber accountability and a cohesive strategy to mitigating cyber risk.
Why do 45% of ransomware attacks target municipalities?
Municipalities have become a major focal point of hackers because they often fail to implement effective data protection policies. From rarely backing up data, not implementing multifactor authentication, failing to provide consistent cybersecurity education for their employees to not deploying innovative endpoint and cloud security solutions, municipalities’ significant and easily exploited weak points make them particularly susceptible to attack.
Complicating matters “Small and medium-sized cities [often] do not have the resources or funds they need to invest in IT security. Cities also struggle to keep pace with technology. For example, refresh cycles may not be timely because of the required continuity of their services for its citizens, or new IP-based delivery activities are implemented on aging computer systems. Additionally, municipalities deal with fractured organizational structure and public-sector bureaucracy, which lead to slower deployment of security measures.”
As a direct culmination of a lack of effective IT governance and a proven history of paying ransoms, attackers continue to target municipalities for massive financial gains.
How to mitigate the risks?
Municipalities must tactfully balance the needs for prevention, deterrence, identification, and discovery of the attack itself, with an effective strategy for the response, crisis management, damage control, and eventually a protocol to return to regular operations. The complexity of this task demands a comprehensive understanding of the interplay of malicious players and the expanding attack surface to win the battle of critical infrastructure cybersecurity.
It is critical that municipalities prioritize cyber threats, allocate much-needed funds to implement important technical solutions, and instill a holistic cybersecurity culture from the top down through the support of key leaders and ongoing employee education to build cyber resilience the application of industry best security practices.
This article originally appeared in Cyber Defense Magazine July 2021 Edition
The article can be found on pages 69-71