• Cities + hacking & ransomware: what’s really going on?

    23 Aug 2019

    I do a lot of work for municipalities – cities, towns, and county governments – and I’ve concluded one thing: I don’t envy those in charge of their IT and security. Apparently, municipal hacking is all the rage. At least that’s what the media is currently portraying. For example, it’s on the front page of today’s New York Times:

    Ransomware Attacks Are Testing Resolve of Cities Across America

    The hacking of cities was featured in the Wall Street Journal not long ago:
    Hackers Won’t Let Up in Their Attack on U.S. Cities

    How about the absurdity of Rivera Beach, FL paying a $600,000 ransom!? Not unlike the incident that crippled my metro hometown, the City of Atlanta, last year.

    A simple Google search of “cities getting hacked” yields tons of similar stories…

    These headlines beg the question of why all of this happening to municipalities – seemingly all of a sudden. Are they that much of a target? Do they have that many vulnerabilities? Can their security be so weak that the criminals know that’s where the payoff will be? Yes, yes, and yes. But why is it we’re just now hearing about it? Well, first off, it’s somewhat of a new and unique story. That sells ad space and is good for many involved on the other side of the equation. Still, these breaches are no different than what’s happening to corporations and other types of organizations (11.6 billion records exposed since 2005!…and that’s only the tip of the iceberg given what’s not discovered and what’s not reported).

    To understand why municipalities are getting hit so hard is actually not that complicated…It’s more of a “people” problem than anything else. It’s what the late Jim Rohn once said:

    “Failure is not a single cataclysmic event. You don’t fail overnight. Instead, failure is a few errors in judgment, repeated every day.”

    To explain further, I want to point you to a new article of mine that was just published in the August 2019 edition of the Arkansas Municipal League’s City & Town magazine…just click the link below and go to page 22 of the PDF.

    Why do municipalities keep getting hacked? (see page 22)

    Here’s another piece I wrote 6 years ago that delves into this topic, including common vulnerabilities I see when performing vulnerability and penetration testing and overall security assessments for local government agencies:

    Government Security: Uncovering Your Weaknesses

    Don’t be fooled…whether you work for a municipality or you’re a citizen concerned about the privacy and security of your personal information, there’s always an explanation why these cities keep getting hacked. It’s not some magical formula for a threat that’s unique to these targets…even if the headlines make it seem that way. It’s always the good, old-fashioned security basics that everyone keeps missing – even the big corporations and federal government agencies we assume are resilient to such attacks.

    Municipal leaders: Pay attention. Address these essentials now or be doomed forever to suffer this fate.