Local Governments Should Augment Cyber Resilience to Mitigate Cyberattacks

Three Solutions to Mitigate Breaches

To truly prepare for cybersecurity breaches, local governments should seek guidance and expertise through a gap analysis and create an incident response plan. They can apply for federal grant funds to assist, and they can turn to a managed service provider who has technical expertise in what they may require.

Many small governments might not have enough technical knowledge to fully understand how to best prepare, and they may benefit from partnerships. A contractor can provide a part-time CISO who can help. While security requirements will differ from one enterprise to another, we see some common needs among many governments, particularly when it comes to three specific tools.

READ MORE: Here is how Microsoft Windows 11 helps to defeat ransomware.

First, local governments should consider acquiring an advanced email security solution. Governments often face cyberattacks through phishing, where a bad actor attempts to produce an email that looks official to entice a government employee to click a link. Once that link is clicked, a phishing attack can execute inside a government environment. Phishing attacks have really evolved in recent months due to artificial intelligence, so it is important to use a strong email security tool.

Second, governments should take care to protect access to their systems, and that usually begins with Microsoft Active Directory. Should Active Directory face a compromise, bad actors can shut down systems and cripple government operations.

Third, counties and cities should institute extended detection and response. By using XDR analysis and automation, cities can monitor their networks around the clock. XDR can quickly detect anomalies and breaches and stop an attack before too much damage occurs.

Prepare Today to Avoid the Cost of a Future Breach

I analyzed some significant breaches in attacks against local governments in big cities such as Atlanta and Baltimore and smaller municipalities such as Lake City, Fla., to determine the worst-case scenario for how much a cybersecurity breach could cost.

Estimates can be derived from the most well-published and egregious ransomware attacks and costs calculated for the worst cases per 10,000 citizens. These are some of the highest examples of real costs associated with a breach and are published because of their high dollar values and profiles.

Combined, using published examples, at worst case a municipality could be liable for up to $317,000 per 10,000 citizens from a ransomware attack. While this is not a standard for all municipalities, it does showcase the potential losses and costs in the most extreme circumstances, not counting the interruption of key services and eroding citizen confidence.

Immediate incident response costs: Up to $50,000 for the immediate breach response, including cybersecurity expert consultation to investigate, identify and contain the breach

System recovery costs: Up to $100,000 for IT staff and external contractors, software licenses and hardware replacements for system restoration

Legal and regulatory costs: Up to $200,000 for potential legal fees, settlement costs and regulatory fines due to legal actions and noncompliance penalties

Notification costs: Up to $100,000 for notifying affected individuals through mailings, call centers and providing credit monitoring services

Increased security measures: Up to $250,000 for the initial investment in enhanced security measures, including cybersecurity software, hardware upgrades and training programs

Reputational damage: Up to $100,000 for lost revenue due to reduced trust from residents and businesses, considering a hypothetical 5 percent decrease in certain revenue streams

That’s roughly $800,000 in damages a city could avoid or minimize with strong cyber resilience measures. Cities should start their assessments and planning today to reduce their risk in the future.

This article is part of StateTech’s CITizen blog series.