Agencies need to be prepared at the first sign of a cyber-attack.

Local governments are at risk of being targets for ransomware attacks, says Joseph Fusz, of counsel at the law firm Wilson Elser in its cybersecurity and data privacy practice. He says the following activities can impact ransomware threat levels:

• Governments implement programs that lead to adoption of new technologies, 

• Cities and counties that integrate digital data storage systems into their daily operations, and

• Public sector agencies that modernize their delivery of essential services.

“Local governments need to recognize that cybersecurity is an important public safety issue, not an information technology or individual department issue,” he says, adding that the sensitive personal information that governments store on their systems makes them ripe ransomware targets, and threat actor groups can demand ransomware for both financial gain as well as ideological reasons. 

Fusz assists clients with cyber risk management and compliance. He also aids clients in responding to cybersecurity incidents and breaches. In addition, he assists clients when they face state and federal regulatory investigations. His background includes experience conducting investigative incident response to threats and insider misconduct as well as critical threat assessment.

He says attacks will happen—and some may succeed—even with the best technology, and it is impossible to prevent all intrusions from unauthorized individuals. “Being prepared to respond to an incident is the first line of defense. Local governments need to maintain an active defensive posture on multiple levels against hackers and ransomware threats”

Fusz says it is crucial that governments be prepared to defend their organization against ransomware by installing the appropriate hardware and software. In addition, the agency should take reasonable security measures and install redundant backups.

And don’t forget to work with your employees on agency security, Fusz adds: “Continual education and training for employees and stakeholders is extremely important as well, especially when it comes to recognizing the initial signs of a potential cybersecurity incident and activating the response plan.”

Yes, it is at the human level where local governments and other organizations can be most vulnerable to cyber-attacks. “Monitoring software can be continuously deployed, hardware can be upgraded, and end points and systems can be secured, but it takes continuous training and vigilance from all employees for local governments to maintain an effective security posture against cyber-attacks and ransomware,” he says. “Local government needs to encourage a culture of cybersecurity awareness; have the right personnel in place; and provide the proper training, support and oversight to employees who utilize their systems to protect against internal and external threats.”

It’s safe to predict that governments will have to increase their IT defense budgets in 2025 and beyond, Fusz says, noting that cybersecurity incidents (including ransomware attacks) have been on the rise over the last several years. “Given that the high financial costs of remediation and recovery, along with regulatory investigations and civil liability that can arise out of a data breach, it is an extremely wise long-term investment to make sure that they have a complete and comprehensive security posture.”

Fusz says the first step that a local government should take to ensure a safe IT operation is to conduct a full internal cybersecurity audit. “They need to understand how they maintain and process sensitive data, and where they store it. They must know the full scale of their systems and networks and understand where they are vulnerable.” He adds that the government should ensure that they have the right personnel in place to fulfill this mission of having a secure IT operation. Here are a couple more steps governments should take on their cyber journey:

• Local governments need to review their policies and procedures as well as their employee education and training materials, to figure out what needs to be updated or removed, and what is being enforced or ignored. 

• They need to review the applicable law for their jurisdiction, and make sure they are in compliance with the changes that have occurred over the years. 

“Once the organization understands where they are, from a cybersecurity posture, they will be able to move forward and determine what they need to secure their systems and the data that they are responsible for,” Fusz says.

Fusz offers a few best practices that governments should employ to ensure a secure IT operation: 

• Regularly review and assess the adequacy of their Incident Response Plan and security posture.
• Apply the principle of least privilege for users, which refers to an information security concept in which a user is given the minimum levels of access or permissions needed to perform his/her job functions.
• Implement and enforce policies and procedures.
• Maintain accurate data inventories.
• Conduct digital asset audits.
• Upgrade the agency’s technological hardware and software in accordance with recognized standards.

Fusz points to one potential tool that can aid governments in securing their IT operations: “Artificial Intelligence (AI) and its expansive capabilities will undoubtedly have advantages for organizations in their efforts to secure the integrity of their systems and the data stored within.” He notes that as is true with any new technology, there could be unintended consequences or setbacks that could occur with AI, cautioning that: “It is always a best practice to maintain layers of cybersecurity defense and work with information security professionals to achieve a proper balance.”

OMNIA Partners, who sponsors this page, offers a robust portfolio of cooperative contracts in the public procurement space. The firm lists several cooperative contracts under the term “cybersecurity.”