In an era marked by the escalating frequency of cyberattacks across industries, the public sector emerges as a particularly enticing target for cybercriminals due to its historical vulnerabilities. This susceptibility poses potentially costly consequences, making it imperative for municipalities to bolster their defenses.

IBM underscores the severity of the issue by reporting that each cybersecurity incident in the public sector carries an average toll of $2.6 million. Additionally, insights from the 2023 Verizon Data Breach Investigations Report (DBIR) reveal that Public Administration led in both the total number of incidents and breaches last year.

Essential city services, including water supply, emergency services, public transportation and waste management, depend heavily on interconnected digital systems that house high volumes of sensitive information. The looming threat of cyberattacks, particularly in the form of ransomware, has the potential to disrupt these vital services, causing inconvenience and posing safety issues for residents.

Key measures for defending municipalities against cyber threats 

The stakes are undeniably high when it comes to protecting municipalities' data. However, amidst this always-changing landscape, there is room for optimism. With strategic planning, monitoring, and the implementation of necessary precautions, municipalities can avoid the potentially devastating repercussions of cyberattacks and fortify themselves against data breaches.

Strengthen asset management

Establishing robust asset management processes, policies and technologies is pivotal in addressing information security incidents and preventing organizational damage. 

Embracing principles such as classification, organization, automation and continuous monitoring facilitates the maintenance of a current and accurate inventory. Municipalities can enhance short-term troubleshooting and make informed decisions for long-term planning and procurement by consolidating information about endpoints and infrastructure devices. Successful asset management is not a one-time endeavor but an ongoing cycle of improvement and adaptation.

Effective management and monitoring of access

Identity and Access Management (IAM) is crucial because it addresses notable weak spots in many organizations, account compromise due to publicly available breach data as well as the potential for insider threats. In fact, Verizon indicates that internal actors contribute to 30% of reported breaches in this sector. 

For municipalities, having this framework of policies, technologies and processes ensures that the right individuals have the appropriate access to resources within an organization's information technology (IT) environment. IAM best practices include:

  1. Least privilege: This concept involves providing users access only to the necessary items and nothing beyond that. In the context of zero trust — which is a security framework challenging traditional models relying on network trust and perimeter defenses — adopting the least privilege concept is a fundamental aspect of the overall security strategy. The least privilege concept involves customizing access permissions for each specific instance by incorporating contextual factors and risk calculations. Instead of granting broad or unnecessary access, this approach ensures that users and entities are given the minimum level of access required for their specific tasks. By considering factors such as user identity, device status and the sensitivity of the accessed resource, the least privilege concept enhances security, minimizing the potential impact of security breaches and unauthorized access. 
  2. Centralization: Streamlining access management and centralized authentication, especially with Single Sign-On (SSO) implementation, alleviates worries surrounding high-privilege users. This is achieved by guaranteeing a thorough log-off process, thereby reducing the potential for overlooking access points. With SSO, users can utilize a single access token across multiple systems, enhancing security by minimizing the need for multiple password inputs. SSO allows users to utilize a single access token across multiple systems, bolstering security measures by reducing the necessity for multiple password inputs.
  3. Removal of unwanted assets: Initiating robust security practices early in the process is crucial. This includes routine removal of unused accounts, timely software and hardware upgrades and efficient vendor management. The adoption of such practices is essential as it streamlines the defense and security workload, minimizing the presence of unnecessary items. Particularly in municipal contexts where dependence on vendors is prevalent, comprehensive vendor management becomes a critical component of cybersecurity. Conducting thorough due diligence in assessing vendors' cybersecurity practices is imperative to identify and mitigate potential risks, ensuring the selection of vendors with established and robust security measures.
  4. Password and MFA implementation: In the present digital landscape, depending solely on passwords for security proves inadequate. The proliferation of password-cracking tools, frequent data breaches and the complexity of managing multiple credentials underscore the imperative for supplementary security measures. Multi-factor authentication (MFA) addresses the limitations of passwords, providing a vital layer of defense against unauthorized access. Recognizing the inherent drawbacks of passwords and embracing MFA is a crucial component of a comprehensive security strategy considering evolving cyber threats. Despite the growing availability of MFA across various services, its comprehensive implementation often falls short in enterprise environments. Many companies adopt MFA reactively, typically in the aftermath of a significant breach. 

Tabletop exercises and incident response (IR) playbooks

Conducting tabletop exercises involves key stakeholders and staff in a low-stress environment, systematically walking through scenarios of disasters, malfunctions, attacks or other emergencies. The goal is to identify weaknesses in current processes before an actual incident occurs.

During tabletop exercises:

  • A moderator or facilitator delivers and navigates the scenario, answering "what if" questions, leading discussions and controlling the exercise's pace.
  • A designated member evaluates the overall performance, creates an after-action report and ensures accuracy by following a runbook.

Participants representing various departments (such as finance, HR, legal, security, management and marketing) actively engage in the exercise, challenging assumptions and contributing to the conversation. 

The tabletop exercise should include:

  • A handout with the scenario and space for notes.
  • Current runbooks detailing how security situations are handled.
  • Policy and procedure manuals.
  • A list of tools and external services.

Post-exercise actions and questions include evaluating what went well, identifying potential improvements, assessing missing services or processes and documenting issues for corrective action.