Cybersecurity Threats Are Not Just a Problem For The Big Players
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Richard T. Moore
November 11, 2019
If you manage a small municipal government or company, you’re a potential target for cybercriminals as much as or more than the federal or state government or a Fortune 500 company. That was one of the key messages presented at the 2019 Massachusetts Cybersecurity Summit held at Nichols College in Dudley, Massachusetts on October 16. Prior to presentations about what municipal and small business leaders can do to reduce the risk of becoming a victim of cybercrime, a local official from the Massachusetts town of Charlton (with a population under 14,000) explained the devastating impact of cybercrime on a small town.
Charlton, unfortunately, is not the only small community to become a victim to hacking, but the impact is illustrative of the fact that no one is exempt. The Worcester Telegram and Gazette reported on September 23, 2019:
“Worldwide, ransomware damage losses are predicted to reach $20 billion, with an attack on a business every 11 seconds, by the end of 2021, according to Cybersecurity Ventures, a leading researcher and publisher covering the global cybereconomy. Attacks on individuals are more frequent. Experts, including the FBI say the attacks come from inside and outside the country. And, in some cases, the attack is an inside job. Organized crime, gangs and disgruntled employees are among the growing number of cybercriminals. Tracing perpetrators is difficult.”
State Scoop writer, Eddy Bobritsky, in an article published April 17, 2018 explained the threat to smaller communities. He wrote:
“It’s not only the White House, the NSA and the Senate Intelligence Committee that should be alarmed. State and local government organizations face a growing cybercrime threat. Hackers are targeting municipalities and state agencies in part because they are often easier to breach than better-defended enterprise networks. More importantly, state and local government networks often host and process highly valuable data about individuals, critical infrastructure and sizable financial transactions. This leaves attackers highly motivated in a situation where they have a high chance of pulling off a successful heist of data or funds, disrupting operations, exposing public figures, or conducting espionage.”
When a community or small business is unable to access their computer system, much of their operations come to a halt. Public safety can be compromised. Taxpayer data can be exposed. Critical infrastructure like water and sewer systems can become public health nightmares. Certainly, paying cybercriminals the demanded ransom can encourage more hacking and added cost. The reputation of local government or businesses can be severely damaged. Even communities that have reasonably good security systems to protect their technology may be at risk. As several speakers at the Nichols College Forum stated, having back up files that are not connected to the main system might be a good insurance plan compared to reconstructing data files from memory or other sources.
CDW-G, an Illinois-based provider of technology products and services, is among the companies serving governmental entities, such as K-12 schools, universities, non-profit healthcare organizations, state governments, local governments and the federal government. CDW-G has suggested six components of an effective cybersecurity incident response plan. They are:
1) Preparation: A written plan articulating how the entire company or municipal government will respond to a threat or breach with assigned roles and areas of responsibility.
2) Identification: Determining the types of threats by using internal measures or third-party software.
3) Containment: Preventing a breach from spreading to other parts of the organization.
4) Eradication: Having a third party investigate and eliminate the threat.
5) Recovery: Getting systems back running.
6) After Action Assessment: Determining steps needed to prevent another breach.
Among the key insights noted in the CDW report that highlight the urgency for municipalities and small companies to prepare of cyberattacks is, “Fifty percent of organizations today reported widespread impact of breaches compared to only twenty-five percent in 2017.” They also report that the majority of organizations say that malware is their chief cybersecurity concern and add that less spending on IT might well contribute to more breaches.
Whether ready or not, cybersecurity threats exist and are becoming more sophisticated. Experts cited in countless articles and at the Nichols Cybersecurity Forum seem unanimous in recommending an assessment of current security and an investment in planning and purchasing of security technology. The cost in money, time and reputation far exceeds the money and time in preparation.
Author: Richard T. Moore has served in both elective and appointed public office at local, state, and federal levels of government. He served for nearly two decades each in the Massachusetts House and Senate, as well as being chosen as President of the National Conference of State Legislatures. He also served in Washington, DC as Associate Director of FEMA in the Clinton Administration and as a Presidential Elector in 1992. A former college administrator and adjunct assistant professor of government at Bentley University and Bridgewater State University, Mr. Moore is a long-time member of ASPA serving terms as Massachusetts Chapter President and National Council member. He is currently a member of the Board of Trustees of Nichols College. His email address is [email protected].
(No Ratings Yet)
Loading...
Cybersecurity Threats Are Not Just a Problem For The Big Players
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Richard T. Moore
November 11, 2019
If you manage a small municipal government or company, you’re a potential target for cybercriminals as much as or more than the federal or state government or a Fortune 500 company. That was one of the key messages presented at the 2019 Massachusetts Cybersecurity Summit held at Nichols College in Dudley, Massachusetts on October 16. Prior to presentations about what municipal and small business leaders can do to reduce the risk of becoming a victim of cybercrime, a local official from the Massachusetts town of Charlton (with a population under 14,000) explained the devastating impact of cybercrime on a small town.
Charlton, unfortunately, is not the only small community to become a victim to hacking, but the impact is illustrative of the fact that no one is exempt. The Worcester Telegram and Gazette reported on September 23, 2019:
State Scoop writer, Eddy Bobritsky, in an article published April 17, 2018 explained the threat to smaller communities. He wrote:
When a community or small business is unable to access their computer system, much of their operations come to a halt. Public safety can be compromised. Taxpayer data can be exposed. Critical infrastructure like water and sewer systems can become public health nightmares. Certainly, paying cybercriminals the demanded ransom can encourage more hacking and added cost. The reputation of local government or businesses can be severely damaged. Even communities that have reasonably good security systems to protect their technology may be at risk. As several speakers at the Nichols College Forum stated, having back up files that are not connected to the main system might be a good insurance plan compared to reconstructing data files from memory or other sources.
CDW-G, an Illinois-based provider of technology products and services, is among the companies serving governmental entities, such as K-12 schools, universities, non-profit healthcare organizations, state governments, local governments and the federal government. CDW-G has suggested six components of an effective cybersecurity incident response plan. They are:
1) Preparation: A written plan articulating how the entire company or municipal government will respond to a threat or breach with assigned roles and areas of responsibility.
2) Identification: Determining the types of threats by using internal measures or third-party software.
3) Containment: Preventing a breach from spreading to other parts of the organization.
4) Eradication: Having a third party investigate and eliminate the threat.
5) Recovery: Getting systems back running.
6) After Action Assessment: Determining steps needed to prevent another breach.
Among the key insights noted in the CDW report that highlight the urgency for municipalities and small companies to prepare of cyberattacks is, “Fifty percent of organizations today reported widespread impact of breaches compared to only twenty-five percent in 2017.” They also report that the majority of organizations say that malware is their chief cybersecurity concern and add that less spending on IT might well contribute to more breaches.
Whether ready or not, cybersecurity threats exist and are becoming more sophisticated. Experts cited in countless articles and at the Nichols Cybersecurity Forum seem unanimous in recommending an assessment of current security and an investment in planning and purchasing of security technology. The cost in money, time and reputation far exceeds the money and time in preparation.
Author: Richard T. Moore has served in both elective and appointed public office at local, state, and federal levels of government. He served for nearly two decades each in the Massachusetts House and Senate, as well as being chosen as President of the National Conference of State Legislatures. He also served in Washington, DC as Associate Director of FEMA in the Clinton Administration and as a Presidential Elector in 1992. A former college administrator and adjunct assistant professor of government at Bentley University and Bridgewater State University, Mr. Moore is a long-time member of ASPA serving terms as Massachusetts Chapter President and National Council member. He is currently a member of the Board of Trustees of Nichols College. His email address is [email protected].
Follow Us!