To keep pace with the constantly evolving threats and tactics of cybercriminals, municipalities must be proactive, not reactive, about cybersecurity.
Cyberattacks can be especially costly to local governments. Local governments are usually less prepared, already struggle with limited funding, and typically will not have knowledgeable staff prepared for an attack.
Why It Happens
Data indicates local governments are susceptible to cyberattacks due to their lack of necessary resources, awareness, and funds. Most local governments are not able to employ a full-time cybersecurity staff member, thereby creating a vulnerability in their data security.
Local officials do not have the knowledge or experience to detect cyberattacks and prevent data breaches. This could be in part because public officials are not aware of the need for cybersecurity. In 2019 Kaspersky recorded nearly 20 percent of all internet users were victims to a malware attack, a 14% increase since 2018. Cyberattacks are on the rise.
Data is Attractive
“If you think long-range, state and local governments offer a wealth of information about citizen activity. You can imagine how cyber criminals would want to take advantage of that collection of information for identity theft and things like that,” says Chris Kennedy, former government cybersecurity veteran.
As local governments expand the connectivity of computer systems and networks, they become more exposed to the increasingly sophisticated attacks that exploit software and system’s vulnerabilities.
Everyone is at risk for a cyberattack. Even with a dedicated staff, the amount of time it takes to respond to a data breach can waste taxpayer money in your city, cause compromise to citizen privacy, and a loss in trust among citizens. 2019 reported the biggest number of government breaches yet. In Palm Bay, Florida, the city’s online utility payment portal was compromised in August, exposing 8,500 records. If your data was compromised today, how long would it take you to notice?
Outdated Technology and Legacy Systems
Due to local governments’ limited budgets for upgrading networks and security systems, they are often left using outdated technology without a dedicated IT staff to implement organizational safeguards to protect against the ever-increasing risk of a cyberattack.
These systems are often not unified across departments or locations, making them more difficult to maintain.
There are No Processes or Policies in Place
Without proper security protocols, municipal systems can easily be exploited by hackers by taking control of computer servers and knocking out public services, from traffic lights to water quality.
With the lack of knowledge among staff on how to handle an attack or how to protect their data, there are usually no policies or a defensive process in place.
Data shows that currently, local officials are unaware of how to detect cyberattacks and lack the knowledge necessary to recover from ransomware. By hiring full-time cybersecurity employees or an IT support company and training employees in basic data security protocols, local governments can protect their data and boost their security.
The motivation behind most cybercrimes is financial. The Ponemon Institute’s Cost of Data Breach Study found that the average public sector data breach cost $2.3 million, or $75 per record. Due to the lack of technology experts or skills among employees it can be hard to maintain security in small government, creating a longer response time to attacks and more unnecessary downtime.
93% of all data breaches happen in user mailboxes. 82% were from password breaches. With proper user training and further security measures, data breaches can be significantly reduced. Microsoft reports that 99% of account hacks are blocked by using a multi-factor authentication (MFA) and 95% of breaches were stopped by MFA & a Password Management Tool (2019 Verizon Data Breach Investigations Report).
Next Steps – Cyber Security Assessment
As large-scale data breaches continue to make headlines, local governments must make cybersecurity a priority.
Most local governments do not have a complete picture of the security gaps in their systems and networks. To develop a cybersecurity program, municipalities must first conduct a comprehensive risk assessment across all departments, identifying potential risks, exposures, and areas for improvement. If a municipality cannot identify its cyber vulnerabilities, it cannot expect to effectively defend against them.
Once the risk assessment is finalized and potential vulnerabilities are identified, municipalities can create actionable and appropriate solutions to address weaknesses in their system and direct resources to shore up security.
How We Can Help
Strategy can help you identify your network security needs and give you peace of mind with a security assessment. We’ll examine security controls and confirm they are present across your technology infrastructure. Strategy will examine routers, firewalls, and intrusion prevention systems, detailing any threats, vulnerabilities, impact, likelihood, and recommend actions for improvement. Ready to secure your network? Contact us today!