The cyberattack against Pensacola, Florida, highlights a troubling reality: Some U.S. mayors still don't understand the urgent need for proper business continuity, security and risk mitigation systems.
The latest evidence comes from Mayor Grover Robinson of Pensacola, Florida. During a news briefing describing a cyberattack against the city, Robinson conceded that Pensacola was looking to reevaluate its entire IT system ahead of the attack. He added: "We're not the first Florida city and we won't be the last."
That's a safe bet. But statements like that make it seem like there's no way to stop ransomware. At the press conference, nobody bothered to ask Major Robinson:
- Would the proposed upgrades have stopped the attacks?
- Does the city have a proper backup and disaster recovery (BDR) system that's fully tested?
- Does the city employ a full-time cybersecurity chief or outsource such responsibilities to an MSSP (managed security services provider)?
City Cybersecurity: Where Municipalities Fail
Based on successful attacks against numerous cities, it's safe to say many U.S. municipalities don't have proper:
- backup software/services and associated testing services;
- endpoint, network and cloud security;
- cybersecurity awareness training;
- patch management; and
- best practices such as two-factor authentication (2FA).
That's the list, folks. Tackle those five points and the vast majority of ransomware attacks against U.S. cities won't succeed. Moreover, damage from successful attacks would likely be greatly mitigated.
Still, there are signs of progress. Amid the ongoing attacks, the U.S. Conference of Mayors in July 2019 unanimously resolved to no longer accede to any ransom demands from hackers. Assuming those mayors live up to that promise, it's a safe bet their cities are taking the five steps above.