Be prepared: Cyberattacks on local government can happen

Oct 14, 2022

cyberattack on local governementIt’s budget season for Indiana’s cities and towns. Who’s paying attention to the IT line item? Last year there were 77 successful cyberattacks on local and state governments, according to Pew. Whether you’re a taxpayer or an elected official in city government, now is the time to look at the budget and understand how cash is spent to ensure your online systems are secure. Cyberattacks on local government can and do happen.

A Pew report published in January says, “Cybersecurity might not be high on the list of local governments’ priorities—but it should be…” The report cites attacks on several U.S. cities including Salem, New Hampshire. That ransomware attack forced a week-long town shut down because the entire computer network was impacted. The effect was felt in every aspect of town government from police and fire departments to the ability to pay the bills and communicate via daily email communications. It does appear more local governments are taking notice.

This year, 97% of officials identified cybersecurity as a top priority, up from an already high 88% in 2021 according to a CompTIA study. And cybersecurity in our nation’s cities and towns has also caught the attention of the FBI.

In April, 2022, the FBI issued guidance to local governments related to ransomware attacks. The report says, “Victim incident reporting to the FBI between January and December 2021 indicated local government entities … were the second highest victimized group behind academia.” The report includes recommendations for municipalities:

  • Keep software and operating systems updated
  • Establish user training programs, particularly to counter phishing
  • Set strong password protection on accounts.
  • Require multifactor authentication for services.
  • Back up data to offline storage.
  • Encrypt all backed-up data.

Key in this list: backing up data to offline storage. Going into the New Year with a new budget, city and town leaders need to be curious about what this really means. A large percentage of municipalities continue to operate using servers and some leaders have no plans to change IT infrastructure. Ask questions. How are servers updated, backed up and kept safe? If there were a cyberattack, can data be restored efficiently?

Some in municipal government appear to have asked these questions are already are thinking ahead. The CompTIA survey reports data backup, integrity, and restoration” alone saw an increase in highest priority from 54% last year to 86% this year and 44% of leaders report using managed IT services. Unfortunately, the remaining are either still considering it (23%) or aren’t considering it at all (33%).

Perhaps for the latter group, now is the time. Among best practices to ensure data security is to shift from a server to a cloud-based managed services environment. What’s interesting is the survey shows government leaders are only mostly satisfied with ROI, at 59%. In the event of a cyberattack, it’s probable this satisfaction would greatly increase. Here’s why.

Let’s use the example of an Indiana municipality with a $30 million budget. Let’s say there are 100 employees. The estimate for the cost per year for cloud-based managed IT is volume based per employee and would be $10,000 per month or $120,000 per year. That’s 4% of the overall budget of our fictional Indiana town.

Now compare that total budget to the average cost of a ransomware attack, which has increased 71% this year, to $4.5 million. If there were a ransomware attack, data that’s stored in the right cloud environment is still available and can efficiently be restored to user accounts.

Shifting to the cloud also saves on the cost of hardware and software. There is no need to purchase network switches, firewalls, servers, and other equipment. The bulk of required hardware and software is handled with onsite network equipment, included in an IT support plan. This reduces total cost of ownership over the long run because the cost is for only what is used. This changes the expense from a capital expenditure (CapEx) to an operational expenditure (OpEx), with a monthly service fee spread throughout the year.

While some might say, I’m not going to pay for what I cannot see, the reality is municipalities see the results of working in the cloud in their IT budget line item each month. Cost savings and efficiencies can be quickly realized with the real and long-term threat of becoming the next victim of a cybercriminal diminished.