Cybercriminals of today often tread the path of least resistance, and many times they find that cities and states (and our U.S. government!) are that path. One state’s Dept. of Revenue recently sustained a security breach that affected 3.8 million taxpayers who had their social security numbers exposed, along with other personal information. This attack was traced to a single “phishing” email delivered to a government employee that allowed hackers to access the state’s computer network. Long story short-this one government employee clicking on one malicious email cost the state as much as $12 million in credit monitoring services, not to mention the other costs.
Municipalities have control over millions of records containing sensitive personal information, but also have tight budgets and are reluctant to increase spending on cybersecurity. However, they must conduct themselves just like any other business when it comes to cybersecurity by recognizing the threat existence and preparing for breach avoidance, breach mitigation, and breach recovery. Good cybersecurity education and comprehensive cyber insurance goes a long way in helping municipalities meet these goals.