When the small city of Sammamish, Wash., was hit by a ransomware attack in January 2019, Stephen Schommer, a recently retired public utility IT director, volunteered to help.
“I have done dozens of tabletop exercises but never experienced ransomware firsthand, thank God,” Schommer recalls. After a few days of assessing the situation, Schommer was a little stunned by what he found. Every city server was encrypted and held for ransom, although the city of 65,000 had no intention of paying the cybercriminals. But the city’s 120 employees couldn’t do their work, and there was no IT director in place.
Sammamish had purchased an endpoint malware solution but only deployed it to 20 percent of its endpoints and a few of its servers. The city had an 8-year-old firewall with no advanced threat protection. “I realized there wasn’t any organizational structure to this,” Schommer says.
State and local governments that don’t have an organized approach to endpoint security may suffer from such ransomware attacks. Maggie Brunner, the National Governors Association’s program director for homeland security and public safety, says that there are some real haves and have-nots at the local level, depending on size. The combination of a holistic endpoint security solution and knowledgeable IT personnel on the ground can make or break a cybersecurity response. Cities and states discover that hiring critical leadership in-house or centralizing management across the...