Why Local Governments are Increasingly Vulnerable to Cyberattacks

Why Local Governments are Increasingly Vulnerable to Cyberattacks

The advent of the Internet has done wonders for the world. However, it’s spurred an ugly side effect; cyberattacks. These attacks come in the form of data breaches, ransomware, password attacks and SQL injections. Statistics show a cyberattack happens every 39 seconds in the United States and cause trillions in damage.

No individual or entity is 100 percent safe from a cyberattack. In fact, the CIA, which is a global leader in security, was the victim of the largest leak of CIA documents in the agency’s history back in 2017. Though some are better protected and prepared to handle a cyberattack, local governments and acting agencies are especially vulnerable.

Rise of Cyber Attacks in the Public  Sector

Cyberattacks, particularly ransomware attacks, against state and local governments jumped 39 percent in 2018, per a report from Recorded Future. The report identified 53 ransomware attacks that took place in 2018 with victims ranging from a city in Florida to libraries across St. Louis. 53 may seem like a small number, but ransomware attacks have the potential to impact thousands of people.

Last May, for example, the computer network serving the City of Shavano Park was infiltrated with ransomware.  Cybercriminals held 2.1 terabytes of information hostage, which included social security numbers, employee health data and financial and accounting records.

A ransomware attack is a form of malware featuring a rogue code that holds a computer hostage until a ransom is paid. The code often infiltrates a computer through a PC worm or Trojan that takes advantage of open security vulnerabilities.

Why are Local Governments Vulnerable to Cyberattacks?

The attack on Shavano Park and other local governments are a reminder that such entities are particularly vulnerable to ransomware and other cyberattacks. But why are local governments susceptible to these attacks? The primary contributor; lack of necessary resources, awareness and funds.

A 2017 report from the Texas Legislature found only 200 of the 1,100 cities in Texas have at least one full-time cybersecurity employee. This lack of cybersecurity personnel is partly to blame on lack of sufficient funding and a shortage of access to individuals with cybersecurity skills.

There certainly are local governments that do a commendable job with cybersecurity. It should be noted these governments are much larger and better funded than smaller municipalities. However, recent data shows a large portion of local governments, no matter the size and funding, are still unprepared to respond to and recover from a cyber intrusion.

Data shows local officials are unaware of how to detect cyberattacks and prevent data breaches. They also lack the knowledge necessary to recover from ransomware, data breaches and data exfiltration. This lack of knowledge is partly because public officials are not aware of the need for cybersecurity. In fact, more than 40 percent of elected councilors and commissioners were not aware of the need for cyber protection. However, this lack of preparedness is due to change with the passing of House Bill 3834. The new law, which took effect in July 2019, requires certain public officials and contractors to complete annual cybersecurity training. You can learn more about HB 3834 and find out if you’ll be required to complete the training by clicking here.

Cybersecurity Services at Jones|Carter

Cybersecurity protection will only become more crucial as computers become more deeply integrated in city-run systems. Jones|Carter offers an array of cybersecurity services to cities, counties, MUDs and other municipalities across Texas. Speak with our Electrical team to learn more about our services.