Writer: Margaret Blanchard
Local governments learned about the ramifications of a cyberattack and how to respond at a recent cybersecurity webinar hosted by the Carl Vinson Institute of Government.
Eric McRae, associate director of Information and Technology Outreach Services, led the event and provided context on the financial burden of cyberattacks. According to recent statistics from IBM, the average global cost of a data breach is more than $4 million — a figure that jumped by more than $1 million due to remote work.
Helping government prepare for cyberattacks — especially in times of global insecurity — is an important part of the institute’s mission. A recording of the “Is Your Government Cyber Aware?” webinar has been posted to the institute’s website.
“It is critical to raise awareness of the various types of cyber threats occurring against the vital functions of government. We are committed to informing local governments and school districts across the state about those threats and the important cybersecurity measures they can take to help protect themselves from future attacks,” said Rob Gordon, director of the institute.
Zach Propes, an assistant county administrator in Gainesville, shared lessons learned from a ransomware attack that paralyzed Hall County’s government in 2020. He urged colleagues to treat cybersecurity as a key part of emergency and infrastructure planning.
“Although you can’t necessarily ‘see’ the direct impacts of cybersecurity, it’s worth the investment and should be incorporated into basic operating costs like having patrol vehicles for law enforcement,” Propes said.
End-user education is equally important, especially since 95% of cybersecurity breaches result from human error according to Tech Republic.
That was indeed the case in Hall County after an employee unwittingly set off the ransomware.
“You can invest millions of dollars into IT infrastructure, security and firewalls, but all it takes is one employee accidentally clicking a link somewhere and it’s all for nothing,” Propes said.
The county now has monthly cybersecurity awareness training for its staff and also encourages employees to adopt a “think before you click” mindset.
Local governments would also be wise to establish a response team of key stakeholders. This group may include the board chairperson/mayor, directors of management information and emergency systems, city and county administrators, school superintendents, attorneys, and representatives from risk management, financial services and communications.
Jonathan Baugh, a cyber analyst with the Georgia Technology Authority, provided a debriefing of recently passed state legislation that mandates local governments report cyberattacks.
“It’s important to report data breaches so we can track to monitor targets and frequency of attacks,” he said.
Georgia governments should report cyberattacks and data breaches within two hours of notifying the federal government. To report cyberattacks or data breaches, visit https://gema.georgia.gov or call 800-TRY-GEMA (800-879-4362).
In a Q&A session, presenters fielded questions about how ransomware is spread, the cost of such attacks and effective training methods.
“We’re grateful to Zach for sharing his story and to Jonathan for providing updated reporting requirements. It’s important to convince decision-makers that cybersecurity is essential, and the best way to do that is learning from peers. We look forward to bringing more awareness to this issue,” McRae said.
The recording of the “Is Your Government Cyber Aware?” webinar is available on the institute’s website.
Future webinars will cover topics including the elements of cybersecurity, identifying phishing attempts and the increasing need for encryption software. The next cybersecurity webinar is slated for mid-July.