In August 2019, 22 Texas municipalities were the victims of ransomware attacks. Only a few months earlier municipal computers in Jackson County, Texas were held ransom by a cyberattack initiated by an email phishing scheme that impacted all its digital records and its backup data. The hackers demanded a Bitcoin ransom payment to release the County’s data. As of early November 2019, restoration efforts were still ongoing, at a cost to the County of over $50,000.
Texas municipalities are not alone in their vulnerability to cyberattacks. In May of 2019, hackers hit the City of Baltimore, Maryland, with a ransomware phishing attack that crippled nearly all the City’s online administrative functionality. The attack cost Baltimore over $18 million, with $10 million used to restore its systems and $8 million in lost revenue.
The year prior, a ransomware attack impacted five municipal departments in Atlanta, Georgia. The hackers held the City’s locked files and internal systems ransom for $50,000 in Bitcoin payment, leaving City employees unable to access their computers for five days, halting critical civic administrations. Refusing to pay, the City paid $2.6 million in emergency contracts in attempts to recover its lost data, with incident response and digital forensics, extra staffing, crisis communications systems, and incident response consulting. The final cost of the efforts exceeded $17 million—exceedingly more than what the cyber-extortionists requested in ransom payment.
What the incidents in Jackson County, Baltimore, and Atlanta prove, is that no public sector entity can risk exposure of critical civic and citizen data. Dangerous cybercriminals are waiting in the dark recesses of the cybersphere to pillage and extort public sector data at a crippling cost to taxpayers. One way that municipalities must safeguard their data is through the use of encrypted forms.
The Rise in Cybercrime
Recent trends and cybersecurity statistics reveal a significant spike in hacked and breached data from the expanding universe of Internet-enabled devices, including desktop computers, smartphones, and wearables. Consider these concerning statistics relative to data theft risk factors and financial consequences:
- 16% of data breaches involved the public sector
- The average cost of a ransomware attack on businesses is $133,000
- The average cost of a malware attack on a company is $2.6 million
- The average cost of a data breach is $3.9 million
- 92% of malware is delivered by email
- 48% of malicious email attachments are office files
- Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations; the United States ranks highest with 2% of all ransomware attacks
- 61% of companies have over 500 accounts with non-expiring passwords.
What Is Data Encryption?
Encryption is the process of modifying information such that it is unreadable by anyone except those possessing a digital translation key that allows the user to change the information back to its original, readable form. Imagine scrambling the letters in a paragraph and then using a decoder key to put the letters back in their correct order so that you can read the original message.
Why is Data Encryption Important?
Data encryption allows entities to securely protect data from cyber hackers and extortionists who would steal and use it for nefarious purposes or financial gain. Every entity that accepts user data through a digital interface, such as an online form, has a responsibility to the user to protect their information. This requirement is particularly essential when the transmitted data reflects personally identifiable data, such as a credit card number, driver’s license number, or social security number that, if stolen, could be used for identity theft.
At CivicPlus, we invest over $1 million annually on cybersecurity to mitigate the risks that you face every day. The benefits of our investment include the ability to offer 99.9% up-time in a tier II data center that is fully redundant. With multiple network providers, burst