TEXAS - Are you ready, hey, are you ready for this? Another one bites the dust... As much as I would rather talk about Queen and their great songs, we are facing cyber crime that is slowly getting out of control.
Not that Ransomware attacks were something new(neither are the options to protect against those by the way...), but the focus on small city administrations like today in Texas seems to be new.
This time it hit over 20 small towns in Texas, the city names have not been released, but I am sure that if you live in one of them, you will know. The ransomware completely brought down the cities abilities to deliver services, from issuing warrants to getting a title issued for the car and day to day topics like paying utility bills, just to name a few examples.
Some cities apparently were at least prepared to the point that they could recover, most likely from backups, in a reasonable timeframe, some others are still struggling to get their data recovered, I hope they all have good and recent backups.
The concern about getting affected by a ransomware however is the same - this time it was a software that "just" encrypted data, but it might as well have been a software that simply extracts data, sending it over to the bad guys to do "their business" with it.
Now, my question is, why is this not becoming major topic at every single county, city, township or state institution?
When I recently talked to some mayors and asked if they or their IT departments were interested in a discussion around their cybersecurity posture, the answer I got was "oh, we have this outsourced to a small local IT shop, they have this all covered". Yes, they have it most likely as well covered as the IT service provider in Texas which apparently was the cause for the ransomware infestation.
It is not that the small, local IT departments and service providers do a bad job in itself, they are simply not that deeply involved in cybersecurity as they need to be and the decision makers in our cities, towns, townships simply trust them blindly as they don't have the in-depth understanding of what needs to be done either.
So, head in the sand, eyes closed and assuming that it will hit another city, town or township in a state far, far away is the current state of (many of) our cities, towns and townships when it comes to cybersecurity.
Any ideas how to wake them up?
If you are a city, town, township or state official and would like to discuss your actual needs, PLEASE reach out and let's have a 30 minutes discussion. It will not cost you anything besides your time.