While the tools attackers use once in the victim’s network are quite sophisticated, getting into the network in the first place is often done with low-tech phishing emails. The attacks have infiltrated foundational departments within the community including education, law enforcement, city operations, and healthcare. Through social engineering, a single click can expose an entire database of sensitive information to bad actors or allow bad actors to hold the entire network hostage. The result of this is often millions of dollars in financial losses, along with the theft of thousands of invaluable confidential records.
The research gathered reveals that phishing attacks cut deeper than just the financial burden of ransomware or a Business Email Compromise (BEC) attack. Other losses include sensitive data and information, Denial of Service (DoS), and the broken trust of citizens and stakeholders. The credibility of government institutions is jeopardized, causing even greater inflation of resources used to overcome such damaging fiscal setbacks.
The preferred method of attack against these organizations is ransomware, a vicious malware that locks users out of their devices or blocks access to files until a sum of money or ransom is paid. If defenses fail, a city could be stuck paying the cost of a ransom or losing vital information needed to provide services to the community. In 2020 alone, ransomware attacks against U.S. government organizations impacted 71 million people and carried an estimated price tag of $18.88 billion in downtime and recovery costs.
The data reveals that state and local governments are struggling to keep their heads above water. The weakest areas include a lack of support from top officials, “inefficient” to “no user end training at all,” and “too many network/IT systems”. The answer is not just to have great IT systems, but to have personnel who are trained to recognize the threats, giving the IT department support in creating a human firewall.
Municipalities are responsible for safeguarding sensitive information and confidential files. With such liability comes possible vulnerability. In November 2020, Delaware County, Pennsylvania, was hit with an email that triggered a ransomware event that forced it to pay a $500,000 ransom. This cost did not include the cost of downtime or the costs of remediation, which often run into millions of dollars.
With the increasing rates of cyber attacks on our institutions at the state and local levels, a deep dive into the data revealed the massive economic impact broken down into five target areas of focus:
• The average financial loss from state and local governments
• The denial of service to citizens due to financial loss
• The frequency/types of attacks and the risk of recurring attacks
• The challenge of allocating capital to prevent attacks
• The decline of economic investment in municipalities
THE AVERAGE FINANCIAL LOSS
Municipalities are ideal targets for cybercriminals, as they provide many essential services to citizens. These services require a financial infrastructure that is supported largely by taxpayers and the federal government.