Think your city is ready for a cyberattack? Think again

There is no way around it; every day there are new cybersecurity threats to not only individuals, but governments at all levels as well. There have been some high-profile breeches that involve major cities like Atlanta and Baltimore.

But those attacks are going to all levels, and recent research has shown most municipalities and cities are ill-prepared for cyberattacks.

Research conducted by Donald Norris, PhD, and Laura Mateczun, JD, of the University of Maryland, Baltimore County along with William Hatcher, PhD, Wesley Meares, PhD, and John Heslen, PhD, of Augusta University, found various reasons why local governments struggle with cybersecurity. 

The research shows local governments recognize the need for cybersecurity but are not taking crucial next steps to ensure cybersecurity by integrating policies into daily management practices. Not just that, some local governments were unaware how often they were under cyberattack.

Throw in the fact of budgetary constraints, it leads local governments to be in a tough situation.

That, unto itself, is a major sticking point, but the burden could be lessened.

“Effective cybersecurity is expensive and too much of a strain on the budgets of many cities and counties,” said Hatcher, chair of the Department of Social Sciences in Pamplin College of Arts, Humanities, and Social Sciences at Augusta University. “This is why we suggest regional solutions to the program, so multiple governments carry the cost.”

Meares, associate professor and MPA director in Pamplin College, added it’s not just the financial aspect, but said there’s a shortage of cybersecurity talent nationwide which, compounded with limited budgets, makes it tough to compete.

In the quest for talent between private and public sector, usually the private sector can offer more to entice a cybersecurity expert to come work for them.

There’s also an issue of many local governments using dated technologies, which may be easier for cyber criminals to attack.

“Local government is increasingly being more digitally connected, with vital infrastructure, data and services connected which creates more opportunities for cyberattacks. Additionally, local governments tend to lag in updating critical technology due to limited resources (both human and financial resources),” added Meares.

None of this comes as a surprise in the lack of cybersecurity training.

“It’s an expensive service for local governments to provide. This is why we suggest more budgetary support for the training,” said Heslen, assistant professor in Pamplin College. “We’re also unsurprised because local governments often struggle to fund professional training in other areas.”

But researchers say there are ways to improve upon safety of critical data, most notably adopting dedicated cybersecurity budgets funded at an appropriate level in all local governments. Those resources can help address many limitations in local government cybersecurity programs, from staffing and hardware and software deficiencies to awareness training for all parties in local governments.

They also recommend the adoption and implementation of cybersecurity policies to manage and regulate actions taken by all that affect the organization’s cybersecurity.

By taking the recommended actions, local governments will have a better chance to provide high levels of cybersecurity and protect their information assets more effectively.