As Flagstaff Unified School District continues to recover from last week’s ransomware attack, the incident has highlighted the growing threat of cybercrimes on local municipalities and public agencies.
According to a study published at the end of August, more than 70 municipalities have been hit with ransomware so far in 2019 alone.
The attack on FUSD and the growing regularity of these incidents begs the question: how could a similar have affected the city?
In the case of FUSD, the attack meant schools closed for two days and a number of computers scrapped, with the possibility that some FUSD employees may have lost data.
A cyber attack against the city of Baltimore in May shut down many basic services for nearly two months including many employees ability to use email, the ability of residents to pay bills online and halted real estate transactions. In the end, Baltimore did not pay the ransom but still spent over $18 million as it recovered services.
A similarly high profile cyber-attack rocked the city of Atlanta in 2018.
If an attack hit Flagstaff, City IT Director CJ Perry said residents could see similar losses in services.
“Many of our programs have paper processes as a backup, but it would be slow and cumbersome, Perry wrote in an email. “Additionally, many employees would struggle to do their job effectively until the systems were restored.”
Wesley McGrew, Director of Cyber Operations at the cybersecurity company HORNE Cyber, said for small governments, it is no longer a matter of if a cyber intrusion will occur, but when.
“These attacks are going to happen,” McGrew said, adding for hackers, successful attacks come down to a numbers game.
You have free articles remaining.
Hackers often set up systems that probe for vulnerabilities in the software that cities use en masse as well as releasing emails with the hope that some city employee may click on a suspicious link or attachment.
Municipalities and local agencies, which are often understaffed and working with few resources, are particularly vulnerable, McGrew said. It doesn’t help that a number of municipalities have opted to simply pay ransoms to get data back, making smaller cities look like good targets, he added.
All this means it is important municipalities prepare for when an attack eventually does occur. Generally, McGrew said that means backing up data on separate servers unconnected to those a municipality will use day to day.
Perry said the city takes a “you can’t stop ransomware” approach and goes from there, and pointed at the attacks on Baltimore and Atlanta as examples of how these attacks are almost impossible to fully prevent.
Nonetheless, Perry said the city is working hard to improve their own cybersecurity both on the front end -- addressing vulnerabilities -- and on the measures in place when an attack does happen.
Perry said the city has invested $150,000 over the past two years in training and security tools and has also developed a disaster recovery plan. Flagstaff City Council also funded a new position dedicated to information security in this fiscal year’s budget.
Additionally, Perry said the city tracks the number and kind of attacks as they come in.
“Most people don’t realize that almost all organizations are being cyber-attacked in some fashion almost constantly,” Perry wrote. “We closely monitor the types of attacks that are attempted on a regular basis, as well as where they are coming from, and adjust our security appropriately.”
Perry said after FUSD has more time to recover, he and the school district’s IT Director Mary Knight are planning on sitting down to go over what lessons could be learned from the incident both by the district and the city.