Newark, New Jersey
What do they have in common?
They have been the victim of serious cyberattacks on their infrastructure. Said attacks cost the affected city governments and companies more than 30$million dollars.
That's an amount Atlanta, at least, had been loath to use on helping people who want to live in their city, often ignoring those who have applied from out of state.
Maybe if they had dished up 2$million to cyber and IT people looking to relocate there, this could have been mitigated. Or if people had basic knowledge about avoiding attacks, like opening emails from unknown senders.
Why are cities a growing target?
Because hackers know that cities often have stretched funds, and that the governments are populated with people who think IT and Cybersecurity are not necessary.
They know cities and the people who run them aren't growing quick enough to stand a chance against them, and that even the poorest cities can have a ransom fund big enough to fund a single person's life.
(I wonder if the people who attack cities tried to get legal Cyber jobs, but were turned away at every aspect?)
Baltimore, in particular, is doing pretty poorly; Using outdated practices by its own IT people. This is a tough job, yes, and it's easy to get lax when you're dealing with users who want things 'easy' and not secure. Mistakes will happen, and nothing is infallible.
But this is about protecting a city's government and infrastructure. Standards should be taken, and there is only so much one person who is trying can do if they do not have the support they need.
While the methods of how they used backups aren't clearly stated, I can guess -
- Backups once a year instead of once a month.
- Said backups being kept on-site instead of somewhere else.
- Probably stored on several physical mediums on the premises.
There were also 'important' people keeping files on their computers that were also compromised during an attack.
Cities and mayors - including Baltimore Mayor Bernard Young - aren't willing to pay the criminals.
And yet, you will read time and time and time again on how there is a Cybersecurity talent shortage, or an IT talent shortage.
Which we know is a lie. So the question is;
When will cities be willing to pay Cybersecurity and IT professionals?
The salary of 3 competent cyber professionals is a lot less than the 30$m ransomware attackers are asking for.
"But no one has the experience!"
Systems can never be 100% secure, even if you remove them entirely from reaching the internet. However, I assure you, we have more experience than the people who fall for phishing attacks, click random links, want to pay a ransomware attack, or have weak passwords.
There is no shortage of IT and Cybersecurity talent; Just a shortage of people who realize they need it, and are willing to pay for it. You don't value your data, or the trust of the people whose data you have. That's a part of why you don't pay.
That ransomware attack on Baltimore? It'll cost at least 18.2$million dollars.
Maybe that's worth hiring a Cybersecurity professional or 3? Even with relocation involved?
And if you're going to be cheap, well, audit your machines yourself, look for machines that may have open ports an attacker can sneak into, backup your data, and good luck when the next attack rolls around.
Because it will.