Municipal IT leaders from across the country recently gathered at the annual MISA/ASIM Canada Municipal CIO Summit, and there was one hot topic–ransomware.
While municipal IT leaders struggle with keeping their networks secure, the rising threat of ransomware is becoming a real problem.
Shawn Beaton, representing Business Development for Cybersecurity Cloud Services at CIRA, was on hand at the summit and heard from many municipal CIOs about the challenges they are facing in securing their networks on limited budgets.
Municipal leaders told Beaton that ransomware attacks are becoming increasingly common, from once a year to as much as several times a month. The challenge is educating employees and stakeholders to be vigilant with their use of the network, as anyone, even members of the leadership team, can be the one who opens the malicious email attachment.
“Everyone agrees on the threat, the approach and that the biggest x-factor isn’t the technology, it’s the humans,” said Beaton.
Shifting the focus to education and awareness, instead of blame, is essential to securing municipal networks according to Beaton, as employees who fear consequences from IT are less likely to report a possible breach.
Much discussion at the MISA summit was surrounding how to best structure security systems for maximum effectiveness. Beaton says that the idea of defining security as separate from IT infrastructure–the chief security officer–was discussed at the summit, as the growth of shadow IT, and the vulnerabilities inherent in maintaining open access to municipal services creates gaps that don't fit nicely into traditional information technology processes.
According to Beaton, public Wi-Fi networks can account for up to 50 percent of all municipal help desk issues. This creates a situation where the more services the public demands, the greater the risk to the municipal network.
The next frontier for municipal networks according to Beaton is layered security, or defense in depth, where different systems, firewalls, procedures, and solutions create an overlapping web of protection. As municipal CIOs continue to look for new ways to both provide access to enhanced services, and protect their networks, these new tactics will continue to be explored.