By Adam Bakst
With recent cyber attacks on Riviera Beach and Lake City, security of computer systems and information seems to be a growing concern even for the smallest of cities.
This is leading local information technology departments throughout the state to try and control this problem before they fall victim to hackers.
“We are constantly under bombardment, I think the last estimate I saw was tens of billions of emails sent in the past year as phishing threats,” said Josh Wilson, Manager of Information Security for the city of Lakeland. “We consider it a serious threat.”
According to TechTarget, phishing emails are “a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels…to distribute malicious links or attachments that can perform a variety of functions.”
What makes these emails more vicious than the traditional spam or junk mail is their specificity.
“They are more sophisticated, they’re more targeted,” Wilson said. “We have a lot of cases of fraud potential where the bad guy, if you will, wants to get monetary stuff, for example a check cut to them, and they might send an email representing themselves as a service provider for the city."
The city manager of Lake City, a community of about 13,000 residents about 60 miles west of Jacksonville, says it paid about $460,000 in bitcoin Tuesday to recover data and computer operations.
In a separate case, the Village of Key Biscayne, just off the coast of Miami, reported a data breach earlier this week. This comes a week after Riviera Beach agreed to pay $600,000 in ransom.
It was not immediately clear if there was any connection between the attacks.
With emails being a vital part of city communication, it is easy to see why it is a primary method for delivering viruses and other scams.
“Email is absolutely the most prevalent attack vector,” Brian Campbell, Chief Information Security Officer for St. Petersburg, said. “It’s a very large concern for everyone. Obviously the city, but individuals as well.”
When it comes to cyberattacks, the size of the victim does not matter. The smaller Florida cities mentioned earlier joined other targets like Baltimore and Atlanta.
As a result, cities are setting up systems to train employees and protect their servers.
Officials with Lakeland, St. Peterburg and Sarasota have issued cyber security instructions and held mandatory courses to keep their employees aware of the newest phishing scams.
“[The training] gives people red flags to look for,” Josh Wilson said. “It gets the user outside of the regular routine of just trusting every email.”
IT Director for Sarasota, Herminio Rodriguez, says these scammers can be a part of something much larger, and much more dangerous.
“This is a real enterprise, it’s a money generator so the more you pay into it, the bigger it becomes. This is not the Nigerian prince anymore.” Rodriguez said. “They get very, very, very targeted.”
Some cities, like Sarasota, take extra precautions by backing up their data at a remote site.
“You have to have a plan to continue your business, so ransomware or virus or being hacked, it’s no different then if a hurricane came down.” Rodriquez said. “You have to be ready, you have to prepare…it cost a lot, it cost significantly, and a lot of people are not willing [to invest in it].”
Even with all this technology, the key to safety comes down to every city employee - or as Brian Campbell says, “the weakest link in any security system happens to also be its strongest link, and that is the person whose hands are on the keyboard.”
Additional material in this story courtesy the Associated Press.