As the Vice Mayor of a small town, cybersecurity is one of my top concerns, and if it isn’t already, it should be one of yours too. Here’s why.
Last year, Atlanta’s outdated computer systems were hacked in a massive attack that ended up costing the city more than $17 million to recover from. Baltimore was struck just months later, its poor cybersecurity costing the city $18 million. Then Greenville, North Carolina. Then Riviera Beach, Florida. The list goes on.
In 2019, a focus on cybersecurity at the local level isn’t a sign of paranoia or a flight of fancy—it’s a key aspect of responsible governance.
There are numerous reasons why municipal systems are proving a favorite target for hackers of all motives and affiliations—some see juicy targets for extortion in cities running on outdated software, while the personal data stored on government servers is coveted by everyone from petty thieves to hostile governments amassing troves of information on US citizens—but these attacks all have one thing in common: their victims were unprepared.
And as tempting as it is to believe that smaller communities like Marin’s would make unenticing targets not worth a hacker’s effort, the reality is that there’s often little effort involved; bad actors have unleashed untold thousands of bots onto the web, crawling across every website they can find and probing for vulnerabilities to exploit.
In Corte Madera, population just under 10,000, we fend off attempted cyberintrusions every single day. Others aren’t so lucky; Lake City, Florida—the same size as Larkspur and San Anselmo—paid $480,000 in ransom after an employee opened an email that launched a crippling attack, but still hasn’t gotten back the more than 100 years of records that were stolen. There’s no guarantee it ever will.
The threat can be expected to significantly worsen in the coming years: security experts warn us that the impending marriage of artificial intelligence and ransomware will make attacks even more destructive and harder to detect.
In the face of this menace, there are steps that local governments can and should take. More than 225 members of the US Conference of Mayors have already adopted policies vowing not to pay ransom, a powerful signal to financially-motivated hackers that there is nothing to be gained from an attack.
Of course, a city can only be in a position to take such a stand if its data is regularly backed up to a safe location offline. This critical practice mitigates the possible damage from a successful attack to the time spent while systems are wiped and the data restored.
It’s also imperative that cities protect their systems by maintaining a strong firewall, and by keeping all software up to date.
Finally, there’s the ever-present potential for user error. A city can pour millions into its cyberdefenses, but at the end of the day, one false click of the mouse by a municipal employee can still open the gates to disaster. That’s why training employees on how to spot suspicious emails and react to threats is one of the smartest investments an agency can make.
No city can be ‘immune’ to cyberattacks, but by taking steps like these, we can help safeguard taxpayer-funded assets and lessen the chances of a breach. The lesson from cities across the nation is clear: cybersecurity must now be a top priority for communities of all sizes.