• Cities struggle to stay ahead of cybercriminals

    By: Christopher Heath


    Two Florida cities found out this year just how expensive it can be to get locked out of your own computer systems by criminals.

    In June, Lake City paid out a bitcoin ransom of $460,000. Then, weeks later, Riviera Beach paid out $600,000 to hackers after its system was locked down with a ransomware virus. In each situation, an anonymous hacker locked down the computer system, holding it ransom for a specific payment, only unlocking the data after payment was made. 

    “Ransomware is exactly what it sounds like. It is ransom based on malicious software,” says Professor of Cybersecurity Dr. Gary Kessler of Embry-Riddle Aeronautical University in Daytona Beach. “What happens is somehow the software get into the network, and the people who run the ransomware offer you a key to unlock your files.”

    Cities have proven to be target-rich environments for hackers since most municipalities have tight budgets but also can’t afford to remain offline for a large portion of time.

    “While the policy is, and should be that you don’t pay bad people, the reality is, it is going to cost you way more to not get your files back,” said Kessler.

    In Central Florida, many cities and counties carry an insurance policy to protect against ransomware. The policy, like most insurance, covers the cost of recovering data if a city is hit.

    In Seminole County, new employees are given the county’s security policy during orientation, as well as access to a 24-hour hotline to report suspicious activity.

    “Seminole County has been monitoring the recent cyber incidents that have affected municipal governments,” wrote Seminole County Community Relations Officer Ashley Moore in an email. “These incidents highlight the role technology has in providing services to our citizens. Seminole County mitigates these threats by providing employees relevant information and access to resources, investing in technology and personnel, and working with other agencies and partners to prepare should an event occur.”

    “Volusia County Government believes the most effective tool for preventing ransomware attacks is user education,” wrote Volusia County Community Information Specialist Pat Kuehn. “In addition to educating our users, the county uses multiple layers of technical security, to assist with protection and (if necessary) remediation. The county keeps multiple copies of system backups both on-site and off-site.  An array of firewalls, anti-virus and anti-spam services are kept continuously updated.”

    For counties and cities, this level of protection is necessary given how large of a target they are, and as Orange County reported how often counties are targeted.

    “Every day, Orange County Government receives anywhere from 30,000 to 40,000 intrusion attempts into its networks. Every month it blocks more than 16 million emails containing malicious software, 93 percent of which contain ransomware,” wrote Orange County Senior Public Information Officer Doreen Overstreet.

    Next Up: