It’s October 2018, cybersecurity awareness month. But while many of us are at least partially aware of the privacy risks that have come with technological advances, one group seems to be behind: local governments. In the 21st century, cities are under attack and the city level cybersecurity is simply not up to speed.
Your City Under Siege
You might have heard about the ransomware attack against Atlanta this year. A ransomware attack had significant impact on the city, forcing police officers to file reports by hand and city workers to report via time sheets. Atlanta is currently facing more than $20 million in costs due to the attack.
Atlanta isn’t an isolated case. In 2011, hackers were able to destroy an Illinois water pump that serviced over 2,000 people. In 2017, hackers managed to set off 156 alarms in Dallas Texas, resulting in government officials having to shut down the city’s security system.
Hackers are increasingly targeting local governments and the numbers are concerning. In Los Angeles, cyber security analysts neutralize 2,000 intrusions any given week. A recent survey of local government cybersecurity found that nearly half their respondents experience cyberattacks at least daily. Daily! The problem is that most cities, when it comes to cybersecurity as it exists today, are not up to the job.
Local governments are simply not prepared to handle cyberthreats, especially detecting, preventing and recovering from data theft. Local officials are—not unlike the average citizen—unaware of the need for cybersecurity. As a result, they do not provide the support needed for successful cybersecurity efforts for local government.
It’s not only lack of awareness that plays a role in city vulnerability—although that is certainly very important. Infrastructure and plans are just not in place.
A survey from 2016 found that 38% of local governments are reliant on technology at least a generation old. Less than half of the governments polled had a written cyber security policy and only 34% had a policy for breach recovery. You read that right. Only half have a written cyber security policy and only one third have a policy for recover. Although that was a statistic from 2016- my guesses are it has not changed much based on what we saw in Atlanta.
It’s cybersecurity awareness month 2018—so what’s a city to do? I have four suggestions:
- Education is key. Those working in the government need to understand why cybersecurity is important for local government. They should be trained to recognize threats that frequently trip up organizations—like phishing emails or smishing, sms text phishing.
- Infrastructure needs to be up-to-date. Governments need to make sure that their systems are up-to-date, protecting them from bad actors.
- And then there’s planning. Governments must have written cyber security policies and breach recovery plans. In today’s world, no organization can continue forward without one.
- Finally, communication is key. Local governments need to communicate in a way that protects their communications—encryption is key – but it is not enough! Any communications platform that you use should be able to continue to run in the event of an attack – independent of your network and it should be able to prevent leaks from its platform. No forwarding, no sharing etc. Secure communication platforms like Vaporstream provide secure, ephemeral and compliant communication that can be used during emergency response. Learn more about how we can help during incident response by watching the video below.
It’s the 21st century and as technology advances, local governments have to catch up and ensure that they have a strong cybersecurity initiative and plan. Take advantage of this year’s cybersecurity awareness month to learn what you need to do to stay cyber secure.
Contributor: Kristi Perdue Hinkle