City administrations across the globe are sounding alarms over the sharp rise in cyberattacks. These intrusions aim at pivotal nodes like critical infrastructure, government systems, communication backbones, staffing operations, and academic institutions, encompassing even school networks.
In light of this, New York Comptroller Thomas DiNapoli has released an in-depth report which paints a stark picture of cyber threats festering within New York's local governments and academic precincts. These digital onslaughts have cast a wide net, affecting counties such as Albany, Chenango, and Erie.
“Cyberattacks are a serious threat to New York’s critical infrastructure, economy and our everyday lives,”
- DiNapoli said in a statement.
View or download PDF below:
In 2019, a glaring illustration was the ransomware siege on the Syracuse City School District. It crippled myriad services, spanning from the district's web presence to its payroll functions. Fast forward to September 2022, and Suffolk County found itself grappling with a debilitating ransomware strike.
This cyber calamity pushed the county back decades, necessitating the revival of manual processes for an extended duration. Episodes like these spotlight the domino effect inherent in cyber breaches, particularly when localised government digital ecosystems interface with larger state networks.
Such incidents amplify the catastrophic implications of unsanctioned system penetrations, most notably for systems deeply embedded in the tech fabric. Addressing this, DiNapoli's report furnishes pivotal directions and tools to bolster cyber resilience among these entities.
Decoding Cybersecurity Trends
Initiated in 2000, the FBI’s Internet Crime Complaint Center (IC3) stands as a beacon for cybercrime victims. Acting as a touchpoint, it facilitates the reporting of online misdemeanours, thus aiding law enforcement. As the nation's cybercrime pulse-check, IC3 rigorously processes the data collated, categorising and circulating it for investigative and intelligence pursuits.
Come June 2021, and the IC3 started its vigil on ransomware attacks across pivotal infrastructure sectors. Ransomware, the nefarious software that holds data hostage by encrypting it, has been a formidable foe. The aftermath can cripple businesses, but when vital infrastructure falls prey, the stakes skyrocket, endangering emergency services and crucial medical aid.
In both 2021 and 2022, the IC3 reported victimisation by a ransomware attack in 14 out of the 16 critical infrastructure sectors (excluding Dams and Nuclear Reactors, Materials and Waste Sectors).
For the data collected in 2022, the top five sectors hit with ransomware attacks were:
- Healthcare/Public Health (210 attacks)
- Critical Manufacturing (157 attacks)
- Government Facilities (115 attacks)
- Information Technology (107 attacks)
- Financial Services (88 attacks)
From 2019 to mid-2023, DiNapoli’s team delved deep, rolling out over 190 IT audits. This mammoth exercise laid bare more than 2,400 cyber inconsistencies. The focus was largely on gaping holes in elemental cybersecurity domains.
Key areas flagged for immediate attention encompassed cybersecurity governance, IT security literacy programs, a robust policy framework, and the pressing need for backup plans.
Given the delicate nature of these audit revelations, many remedial suggestions are discreetly shared with the concerned authorities. On the bright side, a substantial chunk of these corrective steps is budget-friendly, thus enabling swift adaptation by local administrations and academic districts.
