Executing targeted cyberattacks on government entities has been something cybercriminals always liked to indulge in. In the past, glory and fame were their main motivations. Today, the main motivation is profit. This has dramatically changed how they select their targets. The goal now is to inflict serious damage with little effort, and small cities, with their large data archives and connections to state systems, have proven to be catastrophically vulnerable.
Small Cities Continue to Struggle
In February last year, the city of Allentown, Pennsylvania, was hit with an advanced malware called Emotet. Designed to steal financial data, Emotet spread like wildfire around the city’s networks and disrupted city services for weeks. The total cost of the attack reached $1 million, plus another $420,000 a year for new defenses.
This summer, three Florida cities — Key Biscayne, Riviera Beach, and Lake City—became victims of a ransomware attack that paralyzed their computer systems and shattered their sense of security. What’s most interesting about the three cities is that they together have just 50,000 residents: Key Biscayne has 3,000, Riviera Beach has 35,000, and Lake City has 12,000.
All three cities were asked by cybercriminals to pay a ransom of around $500,000, and they all eventually agreed to pay the full sum, showing just how profitable targeted attacks on small cities can be.
Big Cyber-Risks in Small Towns
“Most people don’t realize cities have massive amounts of data. It’s amazing the different types of data that they have. I mean it’s just phenomenal,” says Gary Hayslip, CISO for security firm Webroot. “They have everything from permits to people paying their water bills to parking tickets to whatever. People are investing in bonds. US cities are very, very similar to large multinational businesses.”
Despite having massive amounts of data, small cities often have the most severe budget constraints that prevent them from hiring the people they need to keep their systems safe, and they don’t always realize that partnering with a provider of managed IT services is an option. Consequently, small cities are often forced to rely on legacy and outdated technology despite the fact that the complexity of cyberattacks is increasing at a rapid pace.
“There remains a persisting capability gap in our ability to confront the clear and present danger of cyber terrorists and cybercriminals,” states a report published by the city of Shavano Park, where cybercriminals took 2.1 terabytes hostage in a ransomware attack, including 58,000 financial and accounting files.
Improving Cyber Defenses
Others believe that budget constraints are not the main problem—how the budgets are allocated is. “There is plenty of money being spent,” says Oren Falkowitz, a former National Security Agency and US Cyber Command senior analyst and founder and CEO of Area 1 Security. “It’s not being spent efficiently to go after the problem.”
Experts like Falkowitz believe that small cities should focus on the following three areas to avoid becoming victims of cybercriminals:
- Employee training: Phishing remains the most effective tactic used by cybercriminals, and the only effective protection against it is employee training, which should include regular discussions with employees about good internet practices, such as not responding to spam emails and avoiding malicious links.
- Protective measures: There are many protective measures small cities can adopt to improve their cybersecurity posture. For example, they can limit what devices can connect to internal systems, enforce strong passwords, and replace outdated security technologies like firewalls or anti-virus software with modern endpoint protection.
- Data backups: To avoid having to pay large ransom payments, small cities should regularly back up their data to the cloud, offsite servers, or a combination of both. They should also have a well-documented disaster recovery plan and test it on a regular basis.
Recently, many small cities in the US have become the targets of sophisticated cyberattacks, and it’s only a matter of time before another small city will make the headlines and inspires more cybercriminals to follow in the footsteps of their predecessors. Local governments should look to managed security providers, like Vology, that have the 24/7/365 capabilities to help them, and their staff, protect the valuable data of their residents.