Cyber-attacks on municipalities have been on the rise, causing concern among authorities and citizens alike. The reason behind this alarming trend is the fact that municipalities store a vast amount of valuable information and records of many citizens. As local and national governments transition from paper to digital record-keeping systems, hackers are increasingly interested in breaking into these systems to extract data. Municipalities are often easier targets compared to private companies due to outdated systems and inadequate security measures.
With our increasing reliance on technology and the digital storage of information, the risk of cyber-attacks becomes more significant. While technology offers numerous benefits and streamlines everyday processes, it also becomes vulnerable to hacking when proper security measures are not in place.
The consequences of a cyber-attack on a municipality’s data can be devastating. Compromising digitally stored data and the IT infrastructure can lead to significant disruptions to normal city functions. For instance, an attack on a municipality can impact essential services such as utilities, emergency services, and local law enforcement, negatively affecting the entire community. Moreover, attacks on cities threaten the integrity of confidential data, including personally identifiable information (PII) of individuals. If this data is released or lost, it can have severe consequences for the affected individuals.
One of the primary reasons municipalities are attractive targets for cybercriminals is their reliance on old and outdated technology. These systems often run on outdated software versions, making them susceptible to attacks. The lack of regular updates results in increased exposure to risks since patches and security fixes are included in the latest updates.
Even if a municipality decides to pay the ransom demanded by hackers, there is no guarantee that all the data will be returned. In some cases, hackers may permanently delete the data instead. Hackers can exploit online vulnerabilities using specific code or commands to compromise systems. In the event of a zero-day attack, it is crucial to isolate the affected systems from the network to prevent further contamination.
A recent example of a cyber-attack targeted a healthcare administrator that compromised the personal information of House of Representatives employees and staff in March 2023. Breaches like this can potentially expose vast amounts of personal information and put it in the wrong hands.
Adib Sarkar, founder, and CEO of CYB3R8, highlighted the interconnected nature of everything in our modern world, from smartphones to cloud systems. Each connection represents a potential weak spot for hackers to exploit. He equated the cybersecurity landscape to a game of “Find the Vulnerability,” where even a tiny crack can bring down the entire system. This statement underscores the need for securing devices since even a small vulnerability can compromise the entire system.
Hackers use various methods to infiltrate systems, including exploiting vulnerabilities in code, brute-forcing their way in by attempting thousands of password combinations, or using social engineering techniques to trick employees into divulging information. For example, hackers may send emails disguised as someone else to obtain sensitive information about a system.
To address this problem, local governments must ensure that their staff receives training to identify and avoid falling victim to such malicious attempts. Implementing routine password changes and encrypting stored data can also enhance security.
Cities often become prime targets for breaches due to their outdated systems caused by insufficient funding or improperly implemented security measures. Investing more resources into IT security can help municipalities avoid becoming targets. Recovering from a significant data loss incident can have severe consequences for a city’s reputation and functionality, making proactive measures crucial.
Hackers seek information to sell on the web or gain insights into companies. Money serves as a significant driving force behind attacks, with hackers extracting more valuable data to maximize their gains. Current data is particularly valuable, and hackers usually sell information in bulk before they can be caught.
Adib Sarkar aptly stated that hackers might aim to cause chaos, disrupt services, or steal sensitive information for leverage. Therefore, having a secure system requires updating technology to comply with new laws and regulations. Regular data audits should be conducted to identify anomalies, outdated tech should be replaced, and modern technology should be frequently updated to keep up with evolving threats. Investing in new security systems and training is more cost-effective than dealing with the consequences of a breach.
Veronika (Nikki) Jack is a student majoring in Information Technology-Cybersecurity at George Mason University. In 2022, she was recognized as a winner in Cyber Defense Magazine’s Young Women in Cybersecurity scholarship program. For any inquiries, Nikki can be reached via email at njack4682@gmail.com.