Ransomware presents a growing threat to vulnerable local governments
In the past, cities and counties were not a prime target for ransomware attacks, says Rahul Mahna, a partner who leads the Outsourced IT Services team at Eisner Advisory Group LLC. The company is a licensed independent CPA firm providing tax and business consulting services to their clients, which includes governments. Mahna has more than 20 years of experience in cybersecurity and information technology.
“Local governments have been a unique entity in the cyber-security landscape because of their lack of ability to pay ransomware,” Mahna explains. “Traditionally they did not have the abilities to easily transact a payment to a malicious actor, so they were not as highly targeted.”
But times have changed, and today, cities and counties face ransomware attacks. Mahna notes that public sector entities lack resources to combat cyber threats. He says this is due to tighter state and local budgets. What’s more, local governments remain vulnerable. “It’s our belief in the coming years this will increase as the bounty moves from transactional cash payments to more instances of potential damage to local governmental records. With deep-fake abilities to mimic voice and handwriting improving, the threat objective can change very quickly.”
Mahna says email interactions are where bad actors often get a foothold to attack public sector IT systems. “In our experience, many local governments have employees that have been in their positions for many years. Although they have key historic knowledge, they have not necessarily been trained and educated on the latest technologies and cyber-security threats. It is our position that the employees (and their periodic training) are a wonderful area to focus time and money for a local government to improve efficacy and security to the whole community.”
He says instructing employees can help reduce the potential of a ransomware attack on public entities: “We have consistently encouraged more email training for users on what they should look for. The more employees are trained, the better first line of defense to protect the organization.”
At the start of their efforts to safeguard technology, local entities should monitor building entryways, Mahna tells Co-op Solutions. “Many smaller local governments have their buildings open to the public. When those buildings have internet access through hardwire or wireless connection, it becomes an entry point in the security efforts. Implementing cybersecurity software and devices are a given, but simply doing physical audits to check internet entry-point security is a great first step in a local government protection program.”
Mahna says there are other ways local entities can safeguard citizens’ data, log-in information, as well as their vital records. “Multiple levels of security checks and perhaps more biometrics tools are a few ideas to help make it harder for a bad actor to impersonate a legitimate person and damage their records and reputation.”
Biometrics refers to the automated recognition of individuals by means of unique physical characteristics or personal behavioral traits. Biometric tools are used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints and iris scan samples are all examples of biometrics.
Mahna says some of his firm’s local government clients have increased their spending on the following in recent years to protect their systems: email filtering, email backup and disaster recovery technologies
Artificial intelligence (AI), predicts Mahna, will become the single biggest threat to the security landscape for local governments. He also believes that some local agencies won’t have the ability to adjust fast enough to handle the surge in bad actors and actions that can occur due to AI’s growing role. “The only way to help thwart this wave is to regularly educate and train the staff to a high enough degree that they can be highly aware and be able to decipher what is a good actor versus a bad actor.”
OMNIA Partners, who sponsors this page, offers a robust portfolio of cooperative contracts in the public procurement space. The firm lists a number of cooperative contracts under the keyword “cybersecurity.”
Michael Keating is senior editor for American City & County. Contact him at [email protected].