The Dangers of Insecure Municipal Board Communications

Lena Eisenstein
Tags:
The media continues to find no shortage of material for stories on data breaches. What's different about recent stories is that cybercriminals are changing their mode of attack to different and unsuspecting targets, and they're targeting less in financial gain and more in sensitive information. This is sad news for local governments that are now at significant risk for data breaches. Insecure board communications at the municipal government level can cost local governments an immense amount of money and legal expense. More importantly, data breaches negatively impact public trust.

Cybercriminals Shifting Their Attacks, Leaving Local Governments Vulnerable

In early cyberattacks, cybercriminals centered their focus on banks and large corporations. As warnings about cyber threats permeated the financial sector, banks and other strong institutions invested more of their money in cyber defense efforts, creating larger barriers to attacks. Cybercriminals that attacked government sites did so primarily with political motivation.

With their prospects for big financial enterprises as targets dwindling, cybercriminals are looking for the low-hanging fruit, which is essentially smaller targets with fewer defenses that are easier to break through. Small corporations and local governments follow the same governance principles as larger corporations. The Securities and Exchange Commission (SEC) has issued strong suggestions for corporate boards to actively engage in cybersecurity measures. The SEC makes it clear that corporate directors bear the responsibility for preventing cyberattacks. The same holds true for municipal government boards.

How Great Is the Risk of Data Breach for Municipal Governments?

According to the 2017 Verizon Data Breach Incident Report, public entities fall right behind financial corporations and healthcare services, making them the third-most-targeted sector of data breach victims. The report also highlights that 81% of reported public-sector breaches were a result of cyber espionage, insider threats and other technical errors. These statistics are especially high considering that many attacks go unreported.

Municipal governments not only need to protect themselves against serious threats from outside actors. They also face threats from internal sources due to negligence, incompetence or internal crimes.

Municipal governments reach a broad base of citizens, making them a prime target for hackers. Municipal governments also control access to critical data and systems. Local governments store personal and financial information on local residents and government employees. Local government boards control many facets of local infrastructure that are vital for local safety and economics.

Unfortunately, large numbers of local government boards are unaware of their vulnerability ' and even less aware of how to address the problem. For this reason, cyberattacks against municipal governments will likely continue to rise in prominence and frequency.

Recent Cyberattacks on Governmental Entities

Cyber threats became a reality for Atlanta, GA, citizens on March 22, 2018, when cybercriminals took hostage a portion of Atlanta's government data and systems. Thieves demanded $51,000 in bitcoin in exchange for decrypting data. It was a successful attack that compromised several portions of the city's digital infrastructure.

The city of Baltimore stands as another victim of cybercrime. Just days after the attack in Atlanta, cybercriminals took the city's 911 dispatch system offline, leaving the city with a seriously compromised emergency system. IT staff was able to quickly isolate the affected server and take it offline in order to restore the city's emergency functioning.

Cybercriminals took a slightly different approach when they attacked the town of Brookhaven on Long Island and 76 other government sites. In all cases, they hijacked government websites and replaced their content with ISIS propaganda, frightening local citizens. The Supervisor of Brookhaven stated, 'If government can be cyber-hacked, all of America is at risk.' It remains unknown whether the criminals were truly connected with ISIS and whether they acted from inside our country or from abroad.

As these incidents show, the costs to bring systems back could be boundless. With threats continually looming, municipal governments should take steps to prevent the loss of sensitive, private data and unauthorized access to their local government infrastructures.

In their quest to protect their citizens, local governments need to be proactive about identifying new types of threats, particularly as governments move toward smart city technologies. For example, cybercriminals could attack a digitally based tax collection system, which could cost municipalities immense amounts of money in damages, not to mention the cost of complicated and time-consuming response processes. The costs of unprecedented, looming threats may be more damaging than what we've seen so far.

Municipal government staff and officials will need to work with IT managers to obtain the right programs and platforms that protect local government systems and their citizens.

Board Management Software Systems and Transparency Portals Provide Security

There's no question that municipal boards will be left holding the bag if their governments get victimized by cybercrime. The board is responsible for cyber risk, understanding the legal implications of data compromise and continually measuring the effectiveness of the municipality's security strategy.

The reality is that even if municipal boards are aware of the risks of cyberattacks, in most cases, they haven't identified a cost-effective, efficient solution. While municipal governments can't control the risk of a cyberattack, they can be proactive so as to prevent risks and control their response if an attack occurs.

Community by Diligent offers a government software solution designed with the unique needs of municipal governments in mind. Community by Diligent streamlines the process of preparing agendas, managing meetings and managing records on a highly secure digital platform. Community by Diligent also offers a highly secure Transparency Portal, where citizens can safely interface with their local government using a secure platform. The safety and security features are built into the software solutions so municipal government boards don't even need to think about it. The software solutions by Diligent are cost-effective and efficient while providing the necessary strong security, transparency and accountability that support good governance principles. Community by Diligent also supports municipal governments' attempts to build an internal culture of cybersecurity awareness, which is the first line of defense against potential cyberattacks.

Third-party threats and cyberattacks can present a risk of long-term damage that would be difficult for local governments to overcome. Municipal government boards would be remiss not to consider the dangers of insecure board communications in all aspects of board business. The cost of implementing a government software solution like Community by Diligent is the best defense to protect your local government from the financial and reputational risk your municipality faces every day.
Related Insights
Lena Eisenstein
Lena Eisenstein is a former Manager at Diligent. Her expertise in mission-driven organizations, including nonprofits, school boards and local governments, centers on how technology and modern governance best practices empower leaders at these organizations to serve their communities with efficiency and purpose.