NATIONAL VIEW: Atlanta fell victim to a cyberattack — who’s next?

By Kansas City Star

The ransomware cyberattack that has wreaked havoc on Atlanta’s digital infrastructure for more than a week could happen here. Or anywhere.

But with strong cybersecurity procedures already in place, officials say Kansas City is in position to thwart the relatively common attacks.

The city regularly trains staff on cybersecurity, spokesman Chris Hernandez said. It teaches them to exercise caution and refrain from opening suspicious emails.

The training covers approximately 3,000 full-time users and is pushed out in cycles about every six weeks. It’s ongoing and includes multiple training modules and testing, Hernandez said.

Ransomware is malicious software that takes over a computer or a system and encrypts it. It is typically transmitted by email or web pop-ups at the desktop workstation level. Hackers usually demand a ransom to unlock the system.

According to The New York Times, a 2016 survey of chief information officers for jurisdictions across the country found that obtaining ransom was the intent for nearly one-third of all attacks on a city or county government.

The survey also found only half of the local governments surveyed had developed a formal cybersecurity policy, and only 34 percent said they had a written strategy to recover from breaches.

It’s reassuring to know the city has a plan in place, but what about other area municipalities or county governments?

It’s impossible to gauge the threat level to each entity, but technology experts suggest governmental agencies implement a formal cybersecurity policy, update their infrastructure and have an adequate backup plan in case a system is compromised.

The same approach goes for small businesses, nonprofits, as well as individuals, technology experts say.

Atlanta’s woes begin March 22 when a cyberattack crippled the city’s computer systems. The city also received demands to pay a ransom, but officials had yet to say if they would pony up.

The hack was described as one of the most sustained and consequential cyberattacks ever mounted against a major American city.

As of Friday, Atlanta residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website.

A senior security analyst at Bishop Fox, an independent cybersecurity consulting firm, told The Star that no agency is fully protected from a cyberattack. To avoid the headache, cities large and small must take steps to insure that their IT departments are up to task to prevent a compromise of their systems.

Constant reminders to well-intentioned employees to avoid those fishy-looking phishing emails would also help.