Ransomware attacks on municipal governments have increased by more than 97% over the last two years, according to some sources. According to Verizon’s 2019 Data Breach Investigations Report, a premier cybersecurity research organization, the public sector is the most frequently targeted industry, with 16% of all cyberattacks taking place in this industry.
Identifying risk areas is a critical factor when deciding where to invest your government’s time and resources. And, because data about local governments is more accessible than comparable private sector data, risk exposure is inherently increased. From the park district to the finance office, resilient IT systems are necessary to protect infrastructure and help ensure smooth and efficient operations. Cyber risk should be treated as any other business risk the entity would protect against, and disaster recovery and business continuity plans should be established and tested regularly.
In the case study examples that follow, Baker Tilly shares IT and cybersecurity experiences with two governmental clients, a municipality and a county — highlighting the challenges faced and how these entities addressed their challenges.
Case study – county
When a county’s IT director retired, the county needed help identifying and hiring a replacement. They looked to Baker Tilly for help. Our team served as a resource and subject matter expert because we were familiar with the challenges that the IT department faced and the direction the county was looking to move into. Once the new IT director was in place, attention turned to addressing IT controls that hadn’t been prioritized from previous years’ audits.
- Working with the new IT Director, Baker Tilly advised on solutions to meet the county’s needs and objectives, including: A cybersecurity assessment to evaluate the county’s people, cybersecurity tools and processes
- Building a cybersecurity program to address the county’s cybersecurity risks
Baker Tilly and the county collaborated to complete the assessment and build the cybersecurity program – a project that was completed within three months.