Cyber Threats on the Rise for Municipalities
In the past, local government officials might not have been fully aware of the risks associated with their cyber behaviors. As key stakeholders in maintaining the security of sensitive information and data-sharing systems with state and federal government programs, they are responsible for safeguarding this valuable data.
Ransomware, previously on the decline, has become lucrative, low-hanging fruit for attackers: identifying the perpetrators is often difficult, which makes accountability elusive. State and local governments are being bombarded with attacks. Furthermore, a recent study by the National Association of State Information Officers finds that about 50% of states lack a dedicated cybersecurity budget, while 37% have seen their funding reduced or stagnate.
Municipalities have dealt with expanding and persistent cyber risks for decades as the amount of data they handle has skyrocketed. With over 70% of all ransomware attacks targeting state and local governments, it is evident that cybercriminals view cities as easy targets. Municipalities must tackle these numerous challenges to protect their assets and citizens effectively.
Why Are Government Bodies Targeted by Cyber Attacks?
The convergence of valuable consumer data, vulnerable “secure networks,” and inadequate management makes municipalities a prime target for cybercriminals seeking easy data opportunities. As custodians of critical information like voter records, tax details, and social security numbers, with access to essential infrastructure, municipalities are unsurprisingly becoming focal points for cyberattacks.
The challenge is further exacerbated by the legal requirement of government transparency. While this open government policy has made access to public records and information easier for citizens, it simultaneously exposes public systems containing sensitive data to potential cyber exploitation. Consequently, local governments have a fiduciary duty to protect such information.
A 2020 report by the International City/County Management Association (ICMA) underlined five critical factors that make local governments an attractive target for cybercriminals:
- Number of Local Governments: The 90,075 local governments across the US make it difficult to create and implement a unified public-sector cybersecurity strategy.
- Holders of Sensitive Information: State and local governments store vast amounts of sensitive personal data – names, addresses, driver’s license numbers, credit card numbers, Social Security numbers, and medical information – as well as operational, billing, and financial details of governments. Ransomware attackers prioritize gaining access to this personal data.
- Inadequate Cybersecurity: The ICMA report discovered that local government systems tend to have weaker defenses compared to federal ones. Addressing this disparity in cybersecurity within the government sector is imperative.
- Financial Constraints: A global study by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) surveyed over 500 cybersecurity professionals and uncovered organizational issues such as difficulty in recruitment, insufficient compensation, poor HR understanding of required skills, and unrealistic job postings in the cybersecurity field.
- Use of IoT: Local governments have widely adopted IoT and smart city technologies, deploying a diverse range of connected devices that provide, monitor, and manage citizen services. While undeniably beneficial, these devices introduce new vulnerabilities and pose increased risks for local governments.
Common Types of Attacks Affecting the Public Sector
Among the numerous cyber threats faced by municipalities, ransomware stands out as the most significant. Ransomware involves hackers denying access to an organization’s files, computers, or sensitive data until a substantial ransom is paid. These criminals have evolved their tactics to cause maximum financial damage, utilizing methods like brute force attacks and credential stuffing, which now surpass phishing emails as prominent ways to distribute ransomware to susceptible targets.
Typically, hackers’ initial steps in causing destruction involve credential harvesting and password compromise through file-based attacks. Credential stuffing and password spraying often derive their success from systemic password reuse, leading to compromised credentials which consequently enable frequent ransomware attacks.
Ransomware attacks have recently emerged as one of the most common types of cyberattacks. This malicious software gains access to files or systems, blocking user access and holding files or devices hostage using encryption until the victim pays a ransom in exchange for a decryption key. Ransomware attacks usually start with seemingly innocuous emails containing links or attachments that enable hackers to infiltrate individual systems and networks.
Despite their relatively low sophistication, ransomware attacks can cause severe consequences, such as shutting down servers, exposing data, disrupting 911 centers, and interfering with traffic management systems. In one alarming example, a coordinated ransomware attack in the fall of 2019 impacted 22 smaller Texas communities simultaneously, demanding a combined ransom of $2.5 million.
Besides phishing, social engineering attacks and miscellaneous errors like misconfiguration, misdelivered emails, and paper documents ranked second as causes of public-sector cybersecurity incidents. Other notable threats include state-sponsored cyber-attacks and improper internal system usage.
The Cost of Cyber Attacks Impacting Public Offices
The financial repercussions of cybersecurity breaches on state governments vary widely, with average costs ranging from $665,000 to $40.53 million and median costs from $60,000 to $1.87 million. From 2013 to 2020, cybercriminals demanded an average ransom amount of $835,758. Alarmingly, 60% of states have either “voluntary” cybersecurity training programs or none at all, and 53.2% of state government attacks are aimed at cities and local schools.
Municipalities, which deliver critical services to citizens and rely on taxpayers and the federal government’s financial support, are particularly attractive targets for cybercriminals. In 2018, Atlanta, Georgia, faced a ransomware attack that demanded $55,000 in Bitcoin
When faced with ransomware attacks, municipalities are confronted with the difficult decision to either pay the demanded ransom or bear the recovery expenses. In both cases, sensitive information may be lost, and the municipality’s security is left compromised. For instance, between 2016 and 2020, Texas suffered 19 reported ransomware attacks that affected hospitals, impacting over 1.2 million patients. The potential cost of cyberattacks on municipalities is substantial, making adequate cybersecurity measures and training imperative to safeguard their assets and citizens.
Challenges in Safeguarding Municipalities from Cyber Attacks
Municipalities face several hurdles in securing their organizations from cyber threats. The involvement of politics is an often-underestimated factor, affecting the allocation of funds and the ability to implement security measures. Furthermore, municipalities find it difficult to attract cybersecurity talent who are qualified to handle the intricate political and regulatory environment when the private sector can offer more lucrative packages.
False Security Alerts
Another issue arises from an abundance of false positives in cybersecurity alerts, as reported by a 2021 Fastly study, with approximately 45% deemed false alarms. Distinguishing between actual threats and benign behaviors is crucial to minimize disruptions and ensure public safety. To mitigate the occurrence of false positives, organizations must rely on expert reviews, silent testing, proactive adaptation, alert specificity, and automation through artificial intelligence (AI) for incident detection and response.
The onset of the COVID-19 pandemic in 2020 also led to an increase in cyberattacks, with more people working remotely and lacking access to vital IT support and security updates. Further complicating cybersecurity is the widespread use of mobile devices for both work-related and personal purposes, exposing municipalities and cities to additional risks.
Also, an alarming number of municipal officials are accustomed to sharing sensitive documents via email, increasing their vulnerability to ransomware threats. When accustomed to receiving documents and updates in this manner, officials and staff may be less vigilant against malicious links and attachments. Consequently, ransomware attacks rose as cybercriminals found easy targets in smaller government institutions.
High Amounts of Sensitive Data to Protect
State and local governments bear the responsibility of protecting a wide range of sensitive data, from election systems and social security numbers to credit card information and detailed medical records.
How Should Cybersecurity Be Addressed in Public Offices?
To mitigate cyber risks for municipalities, both simple and comprehensive measures must be adopted.
Basic Security Hygiene
Short-term solutions such as strengthening email and password security, applying system patches, protecting self-service citizen portals, and enhancing employee education can effectively reduce potential human errors. Municipal devices containing sensitive data or applications should be remotely wiped during security incidents, and only approved applications should be accessed on city-owned devices.
Incorporating dedicated hardware, such as fully patched tablets or laptops, remains crucial for municipalities. Utilizing secure portals to prepare and host agenda materials, password-protected systems, and adhering to proper cybersecurity procedures can significantly enhance municipal security in the future.
Automated Security Monitoring
Embracing automated systems capable of detecting baseline network activity and any anomalous behavior in public sector agencies can help identify possible leaks before they evolve into crises. As hackers often exploit weak network points to steal valuable information, robust network defenses are essential.
Long-term strategies involve reshaping an organization’s security posture from top to bottom, monitoring industry best practices, and implementing new technologies and critical approaches to counter cyber risks. Cities must adopt a digital security mindset, implement contingency and disaster plans, collaborate with other entities to minimize threats, and safeguard interconnected utility grids.
Cybersecurity training for everyone involved in the agenda creation and distribution process is crucial, emphasizing the shared responsibilities in maintaining security. Developing and reviewing a municipal cybersecurity plan at least annually is vital to keep administrators and council members aware of potential threats.