U.S. municipalities face barriers to improving data security
As organizations around the world tried to contain a widespread ransomware attack, a new report paints a disturbing picture of cyber security preparedness at the local government level.
The inability to pay competitive salaries, insufficient cybersecurity staff and a general lack of funds is preventing municipalities from achieving high levels of data security, according to the International City/County Management Association (ICMA), which, in partnership with the University of Maryland Baltimore County, just released a study of cybersecurity preparedness.
The goal of the report was to assess local government cybersecurity practices and readiness, including what capabilities that cities and counties possess, what kind of barriers they face and what type of support they have to implement cybersecurity programs.
“The public sector pays considerably less than the private sector for cybersecurity expertise, which places further pressure on local governments to fund compensation in this explosive industry,” the study noted. “Currently this booming field has zero unemployment and one million unfilled jobs, and experts estimate that the shortfall will reach 1.5 million by 2019.”
When asked to rank the top three things most needed to ensure the highest levels of data security for their local governments, respondents cited greater funding as number one, better cybersecurity policies as number two, and greater cybersecurity awareness among government employees as number three.
“As local governments become increasingly reliant on technology and the Internet, they must also become increasingly diligent about the security they provide for the data and information they collect and manage,” said ICMA Executive Director Marc Ott. “Because the costs to restore compromised data are staggering local governments must understand what resources they need to achieve their cybersecurity objectives and ensure the safety of their data.”
Meanwhile, a widespread ransomware attack that spread rapidly around the globe on Friday was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to return as many computers remain at risk.
Extortionist hackers who may be using leaked computer exploits from the U.S. National Security Agency infiltrated computers in dozens of countries in a fast-spreading attack that forced British hospitals to turn away patients and breached systems at Spain’s Telefonica SA and organizations from Russia to Taiwan.
The ransomware used in the cyberattack encrypts files and demands that victims pay $300 in bitcoin for them to be decrypted, the latest in a vexing style of security breaches that, at the very least, forces organizations to revert to backup systems to keep critical systems running.
The malicious software has infected more than 75,000 computers in 99 countries worldwide on Friday, most of them concentrated in Russia, Ukraine and Taiwan, according to Dutch cybersecurity company Avast Software BV.
The ransomware, called WanaCrypt0r, affects computers that haven’t applied Microsoft’s two-month-old fix, a reminder that individuals and organizations that don’t routinely update their machines are vulnerable.
Bloomberg News contributed to this report