The pace and number of cyber-attacks against municipalities and school systems is staggering and likes of which we have never seen. Municipalities and school systems are obvious targets for cyber criminals as it is well known that resources are scarce to implement measures to combat cyber-attacks.
Nearly all of the attacks that we’ve written about or are following are caused because an employee has clicked on a phishing email that contained malicious code known as malware. A form of malware is ransomware, which locks the system so no one can access it.
If that employee had not clicked on that link, the attack would not have been successful. Hackers are inherently lazy and will not keep trying to get into a locked door. They will move on and find the next open one.
These incidents will continue to happen because local governments do not have adequate resources, so another step is to arm employees with knowledge and education about how they can be part of the solution and don’t click on malicious code.
The City of Ridgefield, Connecticut is on the right track. They know how important employees are to protecting data. They are providing their employees with education about data security, including phishing attacks, and testing their employees without their knowledge. https://www.wnpr.org/post/why-are-ransomware-attackers-targeting-local-towns-and-schools. This is a good start and way that municipalities can start to prevent these attacks from locking down their system.
Another idea is to put resources into a data back up system so that when the attack occurs, the municipality or school system can restore the data instead of paying a ransom.
The reality is that these attacks will continue. Putting measures in place to prevent and restore systems when they happen will diminish the chaos that occurs following a successful attack.