We all live and work in a digital world, and that world is fast becoming an even more dangerous one. Today’s hackers and scammers are smarter, more creative, and more proficient at getting the information, and oftentimes the money, they want. Much of that information, unfortunately, is housed and used by state and local governments, including public school systems. As such, today’s continuity planners must work with their IT departments and others to protect their municipality’s precious data and the people they serve. That means taking cybersecurity into consideration when developing or updating their Operations Plans (COOPs), Emergency Operations Plans (EOPs), and even their All-Hazard Mitigation Plans (HMPs).
Ransomware is a costly threat.
According to experts, ransomware poses one of the greatest risks to municipalities large and small. Ransomware, as the name implies, is a type of malicious software that blocks access to computer systems or data (usually by encrypting it) until the victim pays money, and sometimes a lot of it, to the attacker. A lot of times, the ransom demand comes with a deadline, meaning if the victim doesn’t pay on time, the data is gone, and gone for good.
Just last month (June 2019), the City of Riviera Beach, Florida, agreed to pay $600,000 in ransom to hackers who paralyzed its computer systems. The City of Baltimore, Maryland, and more specifically, its Committee for Public Counsel Services, experienced a similar, but vastly more costly attack back in May 2019. It ended up costing the City roughly $18 million to repair damages.
Other municipalities across the country have felt the sting from ransomware too. Among them are Greenville, North Carolina; Augusta, Maine; Licking County, Ohio (where the police department was targeted in 2017); and Imperial County, California, to name just a few.
If you think such an attack can’t (or won’t) happen to your municipality, think again. Recorded Future, an internet technology company specializing in real-time threat intelligence, identified 53 ransomware attacks against state and local agencies in 2018, up from 38 the year before. As of April, the company had spotted 21 such attacks in 2019. And, that’s just from with the sparse data that’s available nationwide, as ransomware attacks often go unpublicized.
Don’t get caught off guard.
Mitigation and preparedness are key to avoiding, addressing and overcoming a cybersecurity attack. Take the standard precautions of using antivirus/antispyware software; keeping your operating systems and applications current; adopting a formal internet/email policy; and training employees in basic cyber security principles. Also, have a plan of action in place for when and if your municipality falls victim to cyber criminals.
But, don’t just put the plan in writing. Put it to the test. Consider adding a cyber scenario to your next COOP/EOP exercise. It’s a simple and inexpensive way to assess and improve your organization’s cybersecurity preparedness.
With 10,000+ plans under its belt, BOLDplanning Inc. is the preeminent developer of online software for Emergency Operations Planning (EOP), Continuity of Operations/Government Planning (COOP/COG), Business Continuity Planning (BCP) and Hazard Mitigation. The company’s highly credentialed team of experts are also well-versed in facilitating HSEEP-compliant exercises to help ensure organizational preparedness for cyberattacks, natural disasters and other disruptive events.