Local governments possess mountains of valuable data. And for that reason, Cyber threat actors view city infrastructure as an attractive target. But cybercriminals also know the great number of interdependencies that tie to government entities, which has made them even more attractive targets for ransomware attacks or extortion.
Earlier in January, Salisbury, Maryland saw the decimation of a police department’s entire computer network due to a ransomware attack. The attacker accessed the network through a third-party software vendor. While a backup system prevented data loss, it took more than two weeks to restore the system, gumming up the department’s workflow.
More recently, in Akron, Ohio, a cyberattacker shut down the city’s 3-1-1 call center, demanding thousands of dollars to restore the system.
Similarly, the Baltimore 9-1-1 system was hit last year, shortly after the major ransomware attack on Atlanta, forcing emergency calls to be manually managed. Adding to the list of civic targets, a borough in Alaska had to declare disaster after it was hit with what they described as a “multi-pronged, multi-vectored attack.”
Such attacks can not only disrupt critical services, they can also sow fear in communities. And, as cities become smarter, the attack surface broadens. Keeping municipalities secure requires a 360-degree plan that accounts for internal threats, potential risks through third-party vendors, network infrastructure vulnerabilities whether on premises, in the cloud or somewhere in between, and of course ongoing training and education for staff. The more prepared, the easier and less costly the containment and clean up.