Consider the following: When a city’s data center is compromised, crippling its email and other communication systems, how does the mayor, CIO and other leaders communicate with staff to address the threat? In conversations we’ve had recently had with city leaderships, we found a trend: When you take down data centers, you take down the entire city’s ability to communicate.
Municipalities, like all modern organizations, are transitioning to digital primacy in their operations, but it’s leaving behind some substantial security oversights and blind spots. This trend coincides with an ongoing ransomware crisis that has started to target city governments more and more frequently. The number of ransomware attacks hitting cities has surpassed 100 per year.
Recent examples include Baltimore, Atlanta, Knoxville, Pensacola, New Orleans, and Tulsa. Across these incidents, attackers demanded ransoms, often in Bitcoin, in exchange for access to utilities, official city communications, court systems, traffic operations, and day-to-day government employee activity.
So the threat’s existence is evident, requiring an investment in cybersecurity practices. Generally, city leaderships agree that it is vital to avoid paying ransoms to prevent incentivizing future criminal behavior. But modern-day cities are discovering what the business community has run into in the past. Protection doesn’t necessarily scale with investment.
In January of 2020, New Orleans revealed that its costs to recover lost access and functionality from its ransomware attack reached more than $7 million and nearly nine months of work. Cyber insurance, meanwhile, covered approximately $3 million of the expenses.
Cybersecurity is no longer just the realm of the information technology departments. All aspects of state, county and city governments, from legal to risk management to operations, need to understand how a cyber attack impacts their core economics.
Evolver provides cybersecurity clients with modern protection every day, supporting hundreds of end users across the Federal government, local municipalities, and private businesses. Learn more about our cyber operations, risk management solutions, and auditing services.
New funding sources are creating an opportunity to create more resilient systems. Funds from the trillions earmarked for pandemic response in 2020 include funds for digital infrastructure, including broadband support for remote workers and cybersecurity protection for critical health systems, such as water delivery. The attacks that recently affected the East Coast supply of gasoline prompted a response from the White House in the form of an executive order on cybersecurity, with potential future legislation on the way. And the ongoing discussion on the expansive nature of national infrastructure has ramifications for cybersecurity spending as well.
Amid all these funding sources, the ability to set up a cybersecurity preparedness plan is there. But the critical factor will be the expertise in knowing which cyber operations are highest priority for which city. Because like any two given businesses, two city systems can vastly differ in their approach to data storage, access clearance, existing redundancy, and parallel systems. Because of the multiple threat vectors, city leaders have to be aware of the most needed cyber operations offerings that may apply in their unique cybersecurity set-ups.
Here are some examples:
