NCLM Volume 70, Issue 4, 2020

SOUTHERN CITY QUARTER 4 2020 26 BEN BROWN NCLM Communications & Multimedia Strategist That One Click Can Set You Back 10 Years It was March 18, a little after 8:30 p.m., when Shelby Police Chief Jeff Ledford got the call that turned everything upside down. On the other end of the line was the city’s 911 communications director. “We’ve got a problem,” he told Ledford. The problem, Ledford learned in general terms, was that some form of malware—a software created with the intention of doing harm—had hit computers there. Ledford was told it had their sys- tems “kind of crippled,” so he went back to work to have a look. “When I walked in, that’s when it started to hit me that this is big- ger than just a small malware attack,” Ledford said. Every computer was down. The 911 screens and telephone sys- tems, all down. Ledford walked into his office at police head- quarters to think, pulled his computer up, and realized it was everywhere. “This attack had impacted our entire city,” he said. Cell phones, email, even the ability to look up how many unused vacation days an employee had—everything was frozen under a ruthless cyber attack. “We technically did not know who worked for the city,” the chief said. “We were completely blind in every facet of the city.” What happened to the City of Shelby—which forced Ledford and other city leaders to totally and painfully change how they performed essential business while they worked to rebuild digital access—is, unfortunately, not an extreme-end example of what consumers, businesses, and governments are up against in their increasing reliance on connected computers and internet processes. That’s why the League has amped up its role in helping municipal- ities create the best possible defenses against cyber crime. Lately, it’s connected with cities and towns across the state through its Cybersecurity for Municipal Officials Virtual Workshop training, which examines common threats and mitigation strategies. The League has made this training, led by League experts includ- ing Risk Control Consultant Matt Reid, free to NCLM insurance pool members. Non-pool members can participate for $45, which is almost immediately recouped by the defenses and strategies learned toward averting what can be a disturbingly expensive crisis. The fallout costs are growing, too. The damage toll of global cybercrime has mushroomed into a projection of $6 trillion by 2021, up from the $3 trillion of 2015, according to Cybersecurity NCLM TRAINING UPS CITIES’ CYBER DEFENSES, AWARENESS Ventures, a firm that keeps tabs. Their experts say it represents more money than does the trade of all major illegal drugs com- bined. And it can be a massive problem for the business and governmental worlds that so often connect on efforts to innovate and incentivize—and can’t if their systems are seized. “We were at ground zero,” Chief Ledford said of Shelby’s situation. Ledford warns against the common mindset that cybercriminals only care to target big cities or agencies with sizable coffers. The truth is these internet crooks are happy to take advantage wher- ever vulnerability exists, and individual towns around the country have been shaken for hundreds of thousands of dollars or more in ransom or rebuilding work each time. New Orleans’ recovery from a cyber attack cost the city beyond $7 million. Past editions of Southern City have covered some of the more common vulnerabilities, which are expanded upon in the League’s training courses. But they bear repeating, particularly what’s often the first failure in defense: human behavior. Cybercriminals often apply social engineering to get people like city hall employees to break from normal security protocol and best practices in order to gain access to things of value, whether they seek to take a computer system ransom or help themselves to sensitive data, like passwords, credit card numbers, or bank info. Employees need to be aware of these efforts, as attackers are increasingly relying on psychol- ogy and behavioral knowhow to trick unsuspecting people into provid- ing money or data or clicking bogus links that let viruses through. “That one click can set you back 10 years,” said Ledford, whose agency had to revisit the days of pen and paper for every step of office work that had required computers and connections. Shelby Police Chief Jeff Ledford discussing the RYUK ransomware attack his city experienced this year. Photo Credit: Ben Brown. Past editions of Southern City have covered some of the more common vulnerabilities, which are expanded upon in the League’s training courses. But they bear repeating, particularly what’s often the first failure in defense: human behavior .

RkJQdWJsaXNoZXIy Nzc3ODM=