by Mike Grebosz, Assistant City Manager, DeLand
At the 2018 FCCMA Fall Symposium on November 8th at the Florida Institute of Technology in Melbourne, several dozen attendees learned about the reality of cybersecurity threats to local government. The FCCMA Professional Development Committee chose this topic for the Symposium after hearing from the membership after our Annual Conference that additional training/education in this area is of high interest.
Dr. Jason Lewis, from the USF College of Engineering facilitated the Fall Symposium. Dr. Lewis has an impressive resume of experience in the cybersecurity field that includes past military, federal and local government work.
During the Symposium topics that were discussed include: Identifying your Cyber “Crown Jewels”, City Risk Management, The Human Element in Cybersecurity, and Risk/Reputation Crisis Management.
One of the main takeaways from this is that if a cyber incident has not already happened at your organization, it will happen at some point in the future. Cyber incidents range from data loss, business disruption, destruction of data or equipment, disinformation campaigns, and deception tactics to gain inside information. One of the most attractive pieces of information local governments possess is personal information (also known as PII). This data if accessed and stolen by hackers can fetch $1,000 or more per record on the dark web.
A second takeaway is that any size government is a target. It is absent minded to have the opinion that it won’t happen in my city/county. The attendees learned of a cyber incident that occurred at a local government here in Florida that only had about 10 employees and 3 computers.
What can be done to stop it? First, organizations need to identify their cyber assets and vulnerabilities. Next, make sure there are adequate resources (staff and money) allocated toward cybersecurity in the organization. Employee training and required technological upgrades are major components along with hiring an outside cyber audit of your organization on a regular basis. Another good area to look into is obtaining cyber insurance. The average cost per cyber incident is $3.62 million or $141 per stolen record to the organization. By taking these preventative measures it will help your organization two fold, by keeping it as safe as possible and it will provide evidence that if attacked, the organization did all it reasonably could do so that your organizational reputation is not damaged.
The last takeaway to highlight is that despite all best efforts to prevent a cyber incident, in the event that an incident occurs, there are resources available such as the FBI, DHS, CyberFlorida, along with local government professional networks to help an organization get through an incident. Don’t be afraid to reach out for assistance.
Thank you to the Florida Institute of Technology in Melbourne for hosting and thanks to the FCCMA staff, the Professional Development Committee, and Dr. Lewis for putting on this informative symposium.