Opinion: Municipalities should make cyber safety a new year’s resolution
No organization is immune from cybercrime
Municipalities must be ready and able to respond to attacks quickly
Municipalities will need to consider how to respond to legal requirements of a cyber attack
The number of cyber attacks in the news seems likely to grow as we begin 2019.
The end of 2018 saw the theft of over 500 million personal records from Marriott-owned Starwood, comprising one of the single largest breaches of consumer data in history.
But such attacks are not confined to the private sector. This past September, the small regional county municipality of Mékinac, in the Mauricie, lost access to its servers as a result of a ransomware attack, which saw the municipality pay $30,000 in Bitcoin in order to restore access. Despite the payment, the region’s servers were disabled for over two weeks. Several Ontario municipalities were also the victims of similar attacks in 2017.
As citizens, we surrender a treasure trove of personal data to various government bodies — from social insurance numbers to our financial records to confidential property information. We assume (perhaps, naively) that they are doing everything in their power to protect it from theft or misuse. But municipalities are particularly vulnerable to cyber attacks, as they often lack the resources needed to defend and respond to them.
Since the Mékinac attack, no public statement on the subject has been released by the Quebec provincial government. Cybersecurity was not mentioned in the Fall Economic Statement. Yet, since December 2017, the provincial government has pushed forward the Quebec Digital Strategy, which promises to improve the quality of life for all Quebecers through digital technology. This also includes ensuring all public records are online.
We must not let attacks like those in Mékinac derail our digital ambitions. But as a part of the broader digital strategy, we need to talk more about digital safety. Local governments should take Mékinac as an opportunity to shape the dialogue with the province on what is needed to help public sector bodies better protect citizens’ digital property.
The reality is that no organization is immune from cybercrime, with hackers evolving nearly as fast as the new technologies that are built to fight them. But there are steps that municipalities can take to spend taxpayer money more wisely.
Strengthen your best firewall, your employees: Within the public sector, there are hundreds to thousands of potentially vulnerable employees. There are also numerous departments that coexist on a shared network yet each with its own information security and compliance requirements. Municipalities, as well as other levels of governments, need to be aware of these weaknesses. Education is critical and like fire safety, it should be seen as a mandatory training component for all public entities.
Be prepared to respond early and quickly: The fact that Mékinac employees were locked out of their servers for two weeks, despite paying ransom, demonstrates the costs of not being prepared. Hackers often access systems or servers months or even years before theft or ransom occurs. Given the sophisticated nature of attacks, identifying this initial threat from the very beginning is important. Municipalities must be ready and able to respond to attacks, from fixing system damage, to restoring operations, to rebuilding data files. Luckily, technology exists today that is affordable and can enhance threat monitoring capabilities and restoration for municipalities. However, an upfront investment will need to be made.
Municipalities will also need to consider how they will respond to the legal requirements of a cyber attack (mere hours after Marriott Starwood announced that its database had been breached, the company was hit with a class action lawsuit).
With the stakes getting higher and cyberattacks getting bigger and more frequent every year, municipalities must take control of their own safety. However, they can’t do it alone. It is time for municipalities to start a conversation with the province (where the province takes the lead) on how to protect our public bodies and to make cybersecurity one of their new year’s resolutions for 2019.
Vishal Kundi is CEO of Toronto-based BOXX Insurance Inc.
Original Article Published by Montreal Gazette
About BOXX Insurance
BOXX Insurance Inc. helps businesses and families insure and defend against cyber threats. BOXX Insurance Inc. is privately-held with headquarters in Toronto, Canada. BOXX’s vision is to help businesses, individuals and families stay ahead of, respond to and recover from cyber threats, putting their digital safety first.
How to secure your brokerage’s data – an interview with BOXX Insurance
Brokers must secure their client data to protect their trusted advisor status, a cyber insurance provider has warned.
Sign up for the BOXX Insurance Newsletter
Get the latest updates about Cyber Insurance and Protection with our newsletter.