Ransomware presents a growing threat to vulnerable local governments

In the past, cities and counties were not a prime target for ransomware attacks, says Rahul Mahna, a partner who leads the Outsourced IT Services team at Eisner Advisory Group LLC. The company is a licensed independent CPA firm providing tax and business consulting services to their clients, which includes governments. Mahna has more than 20 years of experience in cybersecurity and information technology.

“Local governments have been a unique entity in the cyber-security landscape because of their lack of ability to pay ransomware,” Mahna explains. “Traditionally they did not have the abilities to easily transact a payment to a malicious actor, so they were not as highly targeted.”

But times have changed, and today, cities and counties face ransomware attacks. Mahna notes that public sector entities lack resources to combat cyber threats. He says this is due to tighter state and local budgets. What’s more, local governments remain vulnerable. “It’s our belief in the coming years this will increase as the bounty moves from transactional cash payments to more instances of potential damage to local governmental records. With deep-fake abilities to mimic voice and handwriting improving, the threat objective can change very quickly.”

Mahna says email interactions are where bad actors often get a foothold to attack public sector IT systems. “In our experience, many local governments have employees that have been in their positions for many years. Although they have key historic knowledge, they have not necessarily been trained and educated on the latest technologies and cyber-security threats. It is our position that the employees (and their periodic training) are a wonderful area to focus time and money for a local government to improve efficacy and security to the whole community.”

He says instructing employees can help reduce the potential of a ransomware attack on public entities: “We have consistently encouraged more email training for users on what they should look for. The more employees are trained, the better first line of defense to protect the organization.”

To read the complete article, visit American City & County.