Why are Municipalities Affected by Cyber Threats?

By Insurance CIO Outlook | Wednesday, October 17, 2018

The frequency of cybersecurity attacks in different cities in the U.S. makes it obvious that it is merely a matter of time before the others are attacked. A common entry point for these attacks is phishing, a type of fraud where the attacker masquerades as a credible entity to encourage the target to compromise security. Over 90 percent of data breaches begin with a phishing attack. Phishing spoofs can lead government workers to click on a bad link that opens a seemingly benign attachment that actually taps into a wealth of personal information. This information can be exploited, or used for attacks like business email compromise and ransomware. Several cities are purchasing cybersecurity insurance worth several million dollars in the face of rising cybersecurity crimes on local and state governments.

The major reasons for phishing to be prevalent in city governments include:

• A distracted workforce that is unable to keep up with the deluge of data received, which makes them prone to click on links that mostly lead to entertaining music, videos or images. However, roughly 1.5 million phishing URLs are created on a monthly basis to lull users into a sense of security that leads them to believe that the email has originated from their bank, insurance, or payroll provider.

• As Microsoft 365 moves email and other applications to the cloud, municipalities seek to benefit from the cost savings and improved efficiency. Office 365 provides free email security, but it is insufficient. While gateway email security is essential, it makes up only a part of the equation and Office 365’s email security needs to be augmented.

• The lack of resources is another major challenge to government officials. While the law requires government functionality to be transparent, the limited resources leave IT staff with an enormous workload and insufficient resources to prevent cyberattacks. Furthermore, any attack on a city’s servers will be a major inconvenience to several thousand people, which makes municipalities more likely to cave to attackers’ demands.

• The visibility of the target is another matter of concern. City officials want to stay in the public eye for their good deeds, but the accessibility of public figures and open government data provides information that is highly valuable in phishing scams.

• The shortage of information security experts is another cause of concern. Large companies pursue top IT talent, which makes it difficult for municipalities to hire and retain experts.

Municipalities can carry out steps to protect themselves better against cyber attacks, which go beyond merely buying expensive insurance policies. It is essential for them to remember that email security gateways are insufficient in themselves, and while they may repel threats and spam invasions, they might not be able to block targeted and socially engineered attacks. Moreover, even with the wealth of information possessed by IT staff and employees, they might not be experts at email security and lack the time to review each suspicious email. The threats require a unique approach consisting of a layer of security that protects users after the email arrives and incident response systems that come into play when malicious emails are detected in the inbox.

New Editions