Do you believe that you don’t need cybersecurity protection for your city? Think again. California municipalities are the most heavily targeted by cyber criminals, according to the FBI.
Without trained cyber experts on your team, you’re vulnerable before, during, and after an attack, simply because your provider doesn’t have the experience or ability to protect your organization against these external threats.
Even with some IT support, not having a cybersecurity service provider who is monitoring your system 24/7 can leave you open to threats. Cyberattacks are on the rise, and increasingly, cities and their infrastructure are being targeted. In 2019, municipalities saw a 60% increase in ransomware attacks and during the COVID-19 pandemic, that number has grown.
There Are Three Different Ways That an Attack Will Unfold:
- No resistance
A cybersecurity threat penetrates your system and encounters no resistance. The attackers are left to help themselves to your data as their presence goes undetected for days, weeks, or even months at a time.
- IT is asleep at the wheel
Even if you have some IT support, if it’s not there immediately following a breach, you’re still vulnerable. If a breach happens in the middle of the night and your IT team doesn’t follow up until 9 a.m., those are hours of unfettered access that can’t be revoked.
- The right support
With robust support from a managed IT service provider that has entrenched cybersecurity expertise, the provider is notified as soon as unusual activity is detected or a known threat infiltrates your system. They can spring into action right away to mitigate the threat and contain the damage. This helps limit downtime and protects your staff and stakeholders. Your IT provider will also have put into place essential recovery elements, such as secure off-site backups.
Given the choice, most cities, municipalities, and businesses would choose option #3.
Here’s why moving past a single IT manager can offer more protection to your city infrastructure, staff, and stakeholders, for security before, during, and after a breach.
The Importance of Really Good IT Support
Recently, DiamondIT was called to help the municipality of California City, a small city located in Kern County, California. In the past, the city had relied on a single IT manager to oversee their network and provide help desk support, all while trying to maintain the city’s legacy security posture.
Because of ongoing issues with servers crashing, the network going down and all computers being disparate, the city initiated a conversation with DiamondIT for managed IT services. While waiting for the annual budget that would pay for their services to pass city council approval, Cal City’s need became dire.
Things slowed down and started acting up again. It was business as usual for the city of approximately 13,000. Days later, everything stopped working. The computers, network, servers and applications were all out. Unable to reach their current IT provider, and assuming it was a server outage, city personnel called DiamondIT in to get them back online.
Under our service manager and virtual chief information security officer’s lead, we quickly discovered the server outage was in fact ransomware that had taken control of California City’s whole network. The ransomware had spread out of control and it took the DiamondIT team one week to get the city back online and nearly three weeks to recover every file and email that had been lost. This was only possible because the city had secure cloud-based off-site backups for all their files and data. Without it, they would have lost all of their files to the attack.
During those two weeks, the city was at a complete standstill. Most critically, they couldn’t accept payments for their water service – a chief source of revenue. They also could not run payroll. They cut 120 paper checks and once everything was restored, spent hours reconciling payments with hours worked.
Why Cities Need Strong Cybersecurity Now
Although the DiamondIT team was able to rectify the breach and get California City back online, their week of downtime shows that it’s important to have an expert on your team — not just after a breach, but before it as well. With proper alerts and notifications, containing the breach would have been much simpler.
Cities and municipalities have a responsibility to their constituents to secure strong IT support before they’re the target of a breach. When the network is down, city staff can’t serve residents, and in many cases, this leaves them unable to pay taxes, or even obtain essential city services like water, law enforcement or first responders.
Even after the network comes back online, it can still leave a city vulnerable to compliance violations because of lost records, privacy violations, and more. If sensitive health information is compromised, this could trigger HIPAA violations, opening up the city to substantial fines and other penalties.
Picking the Right Managed IT Services Provider
Picking the right third-party managed IT services provider has never been more important. A city with a single IT manager is vulnerable. It’s difficult for one person to keep a city safe from cyberthreats while still running day-to-day IT operations. It’s also unlikely that a single IT person has expertise in network security and help desk services.
Worry-Free IT at economies of scale
Instead of a single internal provider, a team like DiamondIT can help offer the cybersecurity expertise your city needs to stay safe at economies of scale. Instead of a patchwork solution, you’ll get consistent IT guidance, built with your needs in mind. Our experts come from a variety of backgrounds and have decades of experience you can leverage to ensure your city stays protected from external threats.
Heading up our IT teams are Jeremy Meighan, our lead virtual chief technology officer, and Cody Cooper, our service manager with an official CISSP (Certified Information Systems Security Professional) qualification. Their leadership and expertise are key to offering our clients strategic IT direction and cybersecurity that includes:
- Proactive monitoring
- Threat protection
- Rapid threat response
- Incident response planning
- Regulatory compliance
- A team of experts protecting your city