Ransomware: A Growing Threat to Cities and Municipalities
According to a study by Emsisoft, 106 municipal governments were affected by ransomware last year, with TechTarget terming 2022 a breakout year for this cybersecurity attack vector. In addition, a recent KnowB4 white paper revealed:
- The average cybersecurity breach costs states between $665,000 to $40.5 million, with a median cost varying from $60,000 to as much as $1.87 million.
- The average ransom amount demanded by cyber thieves from 2013 to 2020 was $835,758,
- Sixty percent of states have “voluntary” or no cybersecurity training programs.
- Over half of the attacks on state governments are directed toward cities and schools.
Not surprisingly, the number of high-profile attacks is growing:
- In the winter, Oakland declared a state of emergency after a ransomware assault against city government networks, infrastructure, and communication systems. Similar attacks targeted hospitals, school districts, and other public entities like the Bay Area Rapid Transit system.
- Last fall, Suffolk County in Long Island was hit by a ransomware attack that forced officials to turn off internet connections entirely, leaving 911 dispatchers without computer-aided dispatch communication systems that automatically locate and record callers.
- In America’s heartland, Quad-City, Iowa, schools, cities, and counties were victimized by a string of ransomware attacks that cost nearly $1 million in taxpayer money and jeopardized the personal information of thousands of citizens.
Can anyone stop this municipality mayhem? In this blog, we will explore the cybersecurity challenges facing municipalities and spotlight one city addressing this issue using Matrix by VirnetX, a leading-edge solution designed to help stop threats through secure remote file access and authentication for users and devices.
Why Municipalities Are Targeted
Standing at the corner of massive consumer data and vulnerable networks, municipalities are the perfect targets for bad actors looking for a quick and lucrative score. As the guardians of tax information, social security numbers, voter records, and a wide range of essential infrastructure, it’s not surprising that they have become primary targets for cybercriminals.
By law, municipalities must also be transparent. While having an open government makes it easier for citizens to access information and public records, it also makes it simpler for cyber thieves to take advantage of public networks that house confidential data.
Underfunding and Legacy Systems put Municipalities at Risk
A lack of funding and resources places cities at a considerable disadvantage and unable to invest in solid technologies and cybersecurity protection. Moreover, scarce resources can put IT specialists for municipalities in a difficult position, forcing many to stick with legacy systems that may protect their jobs but not fully guard the city.
The state and local education obstacles further exacerbate the issue, making it hard for municipalities to stay current with evolving cybersecurity threats.
Another obstacle is insufficient knowledge or understanding of the importance of cybersecurity. Cities sometimes look at cybersecurity as an optional expense rather than a key investment. Many small and medium-sized communities also think that they are not targets of cyberattack, which is a misconception. The reality is that bad actors see these municipalities as easy marks since they are unlikely to have strong cybersecurity systems.
Contributing to the underfunding of municipalities is the competing priorities for the resources available. Many cities have budget issues, and cybersecurity vies with other essential needs including infrastructure, healthcare, and education. For government leaders, it is a daunting task to provide cybersecurity resources when there is little indication of its impact on the city’s overall welfare. Because of this thinking, it is imperative to elevate awareness among local leaders and citizens about the value of cybersecurity, which will help prioritize funding. Without sufficient funding they will continue to be susceptible to attacks that could lead to big financial and reputational damage.
911 CAD Systems: A Ticking Time Bomb
The fragility of 911 CAD systems, essential for emergency responses, is another concern. CAD is typically utilized for remote entry. If inadequately monitored, the potential for disruptions and breaches in emergency services increases. The implications for poor network cybersecurity raise the question: How can you be responsible for protecting a network you cannot even control?
The 911 CAD issue is a large problem because of its responsibility in emergency response. Attacks hitting these systems could derail critical services, putting lives in jeopardy. Compounding matters, many cities continue to deploy unsupported and outdated CAD software, which heightens their vulnerability to cyberattacks.
It is vital 911 problems are addressed because not doing so can end up costing millions of dollars to recover. For instance, the ransomware attack on Atlanta’s system destroyed years’ worth of data and shut down several services, costing the city $2.7 million in recovery services.
Covid Exacerbated the Vulnerabilities
When Covid-19 struck three years ago, it forced many municipalities nationwide to quickly pivot to remote/hybrid work, online education, and virtual meetings. While expanded connectivity has been positive in many respects, bad actors have pounced on the situation by attacking holes in telecommunicating setups, online learning platforms, and virtual meeting operating systems.
Further compounding matters are the disparities among municipalities. Low-income communities with even less funding and resources frequently need help maintaining rigorous security protocols. As a result, these cities may need to have trained staff or the capabilities to stay current with advanced cybersecurity architectures. Consequently, low-income municipalities are at greater risk for attacks on vital 911 systems.
Adding to these challenges is the shortage of cybersecurity professionals, where private industry typically offers higher salaries and more promising career opportunities. Most municipalities cannot compete when attracting IT specialists. Without top talent, cities are left with staff shortages and inadequate monitoring and management of systems.
Bridging the Cybersecurity Gap in the City of Bridgeport
Like other cities, the City of Bridgeport, West Virginia, experienced a damaging ransomware attack in 2021 that underscored the vulnerabilities municipalities face when their networks are not sufficiently protected.
However, the City of Bridgeport soon took action to strengthen its cybersecurity posture under the new Director of IT, Jesse Chaney. Working with a limited budget and resources, Jesse met with the Department of Homeland Security (DHS) and applied for federal grants to help bolster the City of Bridgeport’s network security. He also partnered with the Cybersecurity and Infrastructure Security Agency (CISA) to embark on a whole network assessment and to establish a baseline for the City of Bridgeport’s security steps.
With few resources, Jesse zeroed in on two primary areas: multi-factor authentication (MFA) to validate and identify people accessing the City of Bridgeport network and monitoring and controlling access within the system to gain insights into user and device activities.
Passing the Police Test in the City of Bridgeport: Rapid, Secure, and no User Training Needed
Matrix is a cybersecurity platform that offers an effective and affordable solution for blocking
unauthorized access to cloud or on-premises applications. It provides an additional layer of protection by enforcing access policy controls and enabling real-time network management, crucial components in the fight against ransomware, malware and other threats.
But in the City of Bridgeport, the proof was in the testing, and Jesse picked the city’s most challenging use case: the City of Bridgeport Police Department. Matrix performed beyond expectations. Responding to 911 calls can be time-sensitive, and police officers typically go through a protracted process of reauthentication, recertification, and validation on their police car laptops. Not with Matrix. During the tests, everything connected in under 10 seconds. Other solutions lagged at 30 to 45 seconds. Even more impressive, five steps were eliminated from the process and there was no need for user training. It was a major “aha” moment for the City of Bridgeport.
Jesse Chaney shared his thoughts on the successful test:
“Matrix is very beneficial for our patrolmen, as you can imagine trying to type and navigate a PC while on the road can be tricky. Time is very critical when they are on a call, Matrix provides us the ability to cut out those connection, authentication and authorization steps while maintaining a secure connection to our network.” and went on to say “I know there are other cities, counties and municipalities, not to mention state-wide needs that would greatly benefit from using VirnetX Matrix, not to mention, saving time, budget and resources with far better protection”
As we touched on earlier, cities are often at risk because of insufficient resources and budgets. In the City of Bridgeport, however, a solution was identified that not only optimized cybersecurity but also advanced efficiency with no user training required.
Matrix had passed the test with flying colors, and VirnetX soon announced the deployment of Matrix by the City of Bridgeport. Matrix proved to be a robust, economical solution that could supplant multiple applications, improve security, and simplify system management.
Experience the Power of Matrix in Your Municipality
A cost-effective platform, Matrix provides an additional layer of protection designed to prevent unauthorized access, enforce access policy controls, and enable real-time network management to secure your cloud or on-premises applications and help protect your network from malware, ransomware, and other cybersecurity threats. Zero-Trust Network Access protection and “single-click” technology are designed to make VirnetX products more effective at preventing cyber threats and more user-friendly than other available products and services.
With Matrix, municipalities can embrace advanced cybersecurity solutions for changing network requirements while leaving expensive, antiquated, and ineffective legacy systems behind.
Are you ready to enhance your municipality’s network security through Matrix? Discover the might and muscle of Matrix. Leave a languishing legacy in your rear-view mirror and defend your network and community against cybersecurity threats with Matrix’s modern Zero-Trust Network Access and “single-click” technology. Schedule your demo today!
What you should do now
Here are 3 ways you can start working towards improving your cybersecurity posture today.
- Claim your free consultation: If you would like to assess your risk or learn more about how to implement a zero-trust architecture schedule a free consultation.
- Figure out realistic cybersecurity goals for your city or organization: Fill out CISA’s Cybersecurity Performance Goals checklist to determine practical goals for your city or organization.
- If you know a city executive, business leader, or IT stakeholder who would enjoy reading this page, share it with them via email, LinkedIn, Twitter, or Facebook.