Why You Need to Update Your Cybersecurity Right Now
By Thomas Kennedy, CPA
Partner, RBT CPAs, LLP
The war in Ukraine is closer than you think. Recently, the White House warned malicious attacks could be just a few keystrokes away, making it critical for local governments to close their digital doors, put their shields up, and protect people, data, and infrastructure from the disruption a cyberattack can cause. What’s even more worrisome is that Russia is just one part of a much larger problem – the U.S. saw a 917 percent increase in ransomware attacks of government operations between 2020 and 2021, and last year over 2,300 local governments, schools, and healthcare providers were victims of ransomware attacks.
While it may seem like cyber criminals would be more likely to target banks or global companies over local school districts or government offices, these soft targets are attractive because they haven’t had the funding or resources to build up their defenses. What’s more, financial gain isn’t the main goal of cyberattacks – disruption is. (Imagine the chaos that can be caused by something as simple as blocking access to emergency contact information for students at a public school.)
Cyberattacks can impact everything from emergency services (including 911 call centers) to tax collections, building permits, clean water, waste disposal, and more. Going after local governments is attractive to cyber criminals because of the low hanging fruit available, like Social Security numbers and voter and tax payment information.
Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) – a component of the Department of Homeland Security – issued advisories indicating government, election, energy, water, and a few other organizations are likely targets. All organizations – small and large – are urged to step up security and be prepared to respond to and mitigate the impact of potential cyberattacks. That includes training employees to help prevent attacks and conducting drills to make sure everyone knows what to do if an attack should occur.
With the approval of the $1.2 trillion Infrastructure Investment and Jobs Act (IIJA) there’s over $1 billion for improving state, local and tribal cybersecurity. Planning for and managing those funds will happen at the state level, where Governor Kathy Hochul recently announced a proposed budget of $62 million to build up cybersecurity. So, it’s important to stay in the know about what New York’s Chief Information Officer, Chief Information Security Officer, and NYS Joint Security Operations Center are up to.
In the meantime, it’s easy to agree that more needs to be done to stand up to cyberattacks. The tough questions are “What?” and “How?” Recently, the Hudson Valley Pattern for Progress kicked off a series of cybersecurity live virtual events to answer those questions and included a review of free resources available to support local governments, including:
- Shields-Up. Free tools and information offered by CISA help build resiliency and focus on critical infrastructure sectors. They offer a security evaluation; a phishing campaign assessment; a vulnerability scanning service; and a cyber hygiene scanning service . CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams by completing the reporting forms found here.
- Multi State Information Sharing and Analysis Center The center operates 24/7, providing early cyber threat warnings, malware analysis, and incidence assistance. Visit the center’s website.
- New York Cyber Incident Response Team. Access free information, resources, and services including risk assessment, phishing exercises, cyber-tabletop exercises, incident analysis, competitive grants for up to $50,000, and more. To report an incident, call 1-844-OCT-CIRT. Email firstname.lastname@example.org if you are interested in any of their services.
- Stop Ransomware manual and resources manual and resources. Breaks down risks by industry and provides resources.
To free you up to focus on cybersecurity, RBT CPAs is available to handle all of your tax and accounting needs. We work with local governments and school districts throughout the Hudson Valley. Give us a call today.