Illustration: Aïda Amer/Axios
The big picture: As cities move more of their services online and collect more data on their communities and residents, small- to mid-sized municipalities with underfunded IT departments are particularly vulnerable to ransomware attacks and associated costs.
By the numbers: The International City/County Management Association found that roughly 30% of local governments don't know how often their systems are attacked.
- Of those that could, an alarming 60% said they were being attacked on a daily — if not hourly — basis.
What's happening: When a city is attacked, critical services such as tax management and permit approval can be halted as city officials decide whether to pay a ransom or rebuild a system.
- Paying ransom can quickly restore operations, but nearly 60% of citizens object to such action.
- Riviera Beach, Florida, recently paid attackers around $600,000 to regain access to its systems.
- Rebuilding a system, meanwhile, is typically more expensive and can take months.
What's needed: Residents largely do not want municipal funds paid out to hackers, so if cities are going to rebuild, their new systems should have built-in defenses.
- A cybersecurity policy gaining traction among municipalities is Zero Trust, which operates on the assumption that anything inside or outside of a corporate network including data, devices, systems and users is a security risk.
- How it works: In a Zero Trust system, administrators use technologies including end-to-end encryption, multifactor authentication, identity access management and analytics to control access.
What to watch: The U.S. government is starting to invest in Zero Trust pilot programs, including a recently announced project with the Defense Information Systems Agency and U.S. Cyber Command.
Alan Duric is the co-founder and CTO/COO of Wire, a secure collaboration platform.