Cybersecurity for Municipalities
Nearly 1000 US government agencies were affected by ransomware attacks in 2019. These attacks affected a variety of municipalities, including those in New Jersey. This staggering number shows how prevalent ransomware and other cybercrime has become. Throughout 2019 in New Jersey alone, according to the FBI’s internet crime report, there were about 9067 cybercrime victims, leading to losses totaling $106, 474, 464. These attacks occurred across various NJ municipalities, with many targeting government agencies. These attacks are terrible for government agencies and cause untold monetary losses, data losses and massive decreases in worker productivity. While these cyber attacks are terrible, insufficient cybersecurity is often partially responsible for these attacks. Below, we will highlight some major attacks in NJ municipalities and then explore what can be done to prevent such attacks in the future.
NJ Municipalities Cyber Attacks
In 2017, hackers disabled Newark’s computers and were paid a $30,000 ransom by the city. Another NJ municipality was swindled out of $40,000 when they received a fraudulent email which urged them to transfer bond anticipation note payments to a fraudulent account. At least 36 NJ municipalities have been the victims of cybersecurity attacks in the past couple of years. This has led to increased awareness about the issue of cybersecurity and municipalities are now paying closer attention.
Insufficient cybersecurity and a lack of established best practices across NJ municipalities have not helped with the rise in cyber attacks in recent times. Lack of funding to pay for cybersecurity measures and training is a big issue that leaves these municipalities somewhat open to being attacked. If this is rectified, it would go a long way towards preventing the detrimental effects that cyber attacks have on a municipality. In this digital age, lots of municipal services rely on computing services. They are severely impacted during a cyberattack so investing more in cybersecurity is a must. In addition, a robust backup and disaster plan should be established where files and data are backed up, onsite and offsite, several times per day to ensure that data can be recovered quickly in the event of a cyber attack. A cybersecurity incident response plan is also imperative.
Cyber Attack Prevention
In many cases, some government agencies show a disregard for cybersecurity laws and regulations and don’t apply them. Compliance with regulations such as HIPAA, PCI, DSS, and SOX, is one of the first steps that should be taken to ensure increased safety in a volatile cybersecurity environment. Moreover, a robust cybersecurity policy and a disaster recovery plan should be in place. Risk assessments should also be carried out and sensitive information should be encrypted in transit and at rest. In addition, you should ensure that your IT infrastructure is as up to date as possible, since older technology and software is more likely to be vulnerable to hacks. Finally, educating employees on cybersecurity is invaluable. Things like knowing to avoid clicking suspicious email links may seem straightforward but many don’t see the harm in this, so it must be stressed.
Municipalities, such as those in NJ, may seem like low hanging fruit and easy targets for hackers. However, these municipalities will feel the effects of an attack more than a bigger company and need to invest more time, effort and money into defending against cybersecurity attacks. Increased funding, employee cybersecurity awareness, ensuring regulatory compliance, and taking security measures such as keeping software up to date will prove to be invaluable for government agencies seeking to prevent cybersecurity attacks.