Recent attacks on city governments have not only provided their attackers with revenue from scams, data breaches, and data held ransom, but have also drawn the attention of other cybercriminals.
If you were a smart cybercriminal, you’d be wanting to find victims that meet a few criteria:
- Relatively vulnerable to attack
- High-Profile (particularly in the case of Ransomware)
- Have lots of valuable data to steal/hold for ransom
- Deals in large monetary transactions
City governments across the U.S. have been the victim of countless attacks over the last number of years. It’s because they are one of the few organizations that meet all the needed criteria.
- Vulnerable to Attack – Cities usually run as multiple departments with disparate technology and processes, keeping IT from having an ability to centrally ensure security measures are implemented.
- Lots of Data – Cities deal in people and money. That means lots of personal and financial data.
- High-Value Transactions – The business of a city is at a level where millions of dollars are spent every year. So, hijacking a single transaction between, say, a city and one of their contractors can potentially be in the hundreds of thousands or more.
City governments need to focus their efforts on making themselves less vulnerable to attack. This is accomplished by establishing consistent security measures across the entire city network. Patching endpoints, servers, and applications is a good start. Protecting users from malware attacks with email and web scanning is another. But the weakest link is the user. Implementing continual Security Awareness Training will make users understand the need to be vigilant against cyberthreats and social engineering.
In nearly every recent news story about a city being the victim of an attack, the source of the attack was an unwitting user who fell prey to a phishing scam. Security Awareness Training works to eliminate the user as an attack vector, shoring up an organization’s security and protecting it from harm.