If you’ve been keeping up with cyber security headlines you may have noticed a concerning trend: county cyber attacks. In the past month, both the city of Hamilton in Canada and Fulton County in the US have been targets of massive breaches.

Observing the trend cycles of cyber criminals can be instrumental to any business’s security program, even if you aren’t a public organization. By watching how and why cyber criminals are targeting these businesses, you can prevent them from moving the target onto you. In this blog, we’ll be sharing the reasoning behind the focus on government organizations and what you can take away from these cyber attacks. 

What happened?

In Q1 of 2024, both the city of Hamilton and Fulton County were targeted in separate malware attacks. The impact and cause were both eerily similar, but the culprits were not the same.

The Hamilton cyber attack

The city of Hamilton, a smaller city on the Western port of Lake Ontario, lost access to a long list of city services for days following a malware attack on its network.

county cyber attacks

Photo by Katie Moum on Unsplash

"It’s been a “super-fantastic” experience to see people learning and talking about security threats."

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

Cybersecurity Awareness Training for ALL

Take proactive steps to invest in your business’s cyber resilience now to protect your organization from costly data breaches and disruptions. Start easily with our Quickstart Training Bundles. To learn more CLICK HERE.

The city reported that all city phone lines, bus schedule applications, library wifis, and city council services were all blacked out due to this attack. 

Although not many details have been released about the attack, city staff members did note that it was caused by malware and that they were asked for ransom. 

The Fulton County cyber attack

Georgia’s largest county, Fulton County, also faced a government service black-out after being hit by a ransomware attack in late January. Similar to Hamilton, the area lost access to phone services and confirmed they were asked for ransom. 

This attack was confirmed to be from ransomware group, LockBit. They strategically stole citizen data to increase the impact of their ransom-ask. 

Why local governments?

Limited resources

Many local governments already have limited budgets and personnel. Cyber criminals know about these limited resources and choose to specifically attack organizations like this, knowing they are less likely to have a robust security program. 

With weaker programs, not only can cyber criminals gain easier access to networks, they are also more likely to get a rash reaction as the governments scramble to react quickly. A quicker, less thought out reaction, means a cyber criminal is more likely to get payment. 

Critical infrastructure

Governments operate critical infrastructure like transportation and public safety. If these services aren’t online, the city will not function properly. This vulnerability is a great weak spot for cyber criminals to dangle in the face of their victims. They know that small governments will have to act fast in order to allow their citizens to continue living. Unlike other businesses, these things are absolute necessities. 

Data rich environment

Local governments store vast amounts of sensitive data, including citizen information, financial records, and operational details. This treasure trove of data makes them enticing targets for cyber criminals seeking to exploit or monetize valuable information. This, paired with weaker resources, makes a perfect target for cyber criminals. 

Previous payments

In previous cases, like the 2022 St. Mary’s cyber attack, small governments have been advised to make payments to cyber criminals. St. Mary’s paid $250,000 in cryptocurrency in order for citizen data to not be released. 

After this, cyber criminals now see that ransomware in this industry works, and will continue to keep pressing until they succeed again. 

What every business should do

No matter your industry, there are proactive steps that should be taken to increase your cyber resilience and prevent you from falling victim to attacks like these: 

Increase top-down approval

In order to allocate significant resources to your security program, you’ll need approval from the top of your organization. Use stories like these to act as case studies to show your board and use a call-to-action for more funding, personnel, and resources. Investing in your security program will be an investment that is worth it in the long run. 

Consider your data

What type of data does your organization need to function? Many organizations hold on to customer data that they don’t need. If you don’t need valuable information, then don’t keep it. Only keep data and information that is necessary for your business to thrive and succeed. Everything else, only adds risk to these attack scenarios. 

Take time to go through your data, sort it by security level, and assess if it is necessary. After you only have the necessary data, focus on protecting the highest level of security data first and work your way down. 

Build an attack plan

Does your entire team know what to do if something like this were to happen? Fast and calm action can completely change the outcome of a ransomware case. Build out an attack action plan, not only with your security team, but your entire company, so everyone knows what their roles should be should this situation ever occur. 

Also, consider how your business would function in a black-out. What necessary services would be offline? How could you keep running your business without these available? Do your employees have the proper training to deal with this?

The recent spate of cyber attacks targeting local governments serves as a stark wake-up call for organizations of all sizes. In an increasingly interconnected world, no entity is immune to the threat of cyber crime. By prioritizing cyber security awareness, investment, and planning, we can collectively strengthen our defences and safeguard against any industry attacks.