Cities are increasingly making headlines for being crippled by ransomware and other attacks. Such vulnerability isn’t surprising, since municipalities have a growing number of attack vectors and a pool of taxpayer or insurance money that hackers find too tempting to resist.

Municipalities are morphing from once relatively simple IT clients to more complex, IT-rich, consumer-facing entities. The ever-increasing vulnerability of cities means growing opportunity for MSPs.

Kingsville, Texas is a city of 25,000 people. Smarter MSP caught up with Edwin Benson, the IT coordinator for Kingsville, to talk about some of the security threats facing cities.

According to Benson, the biggest security threat that are facing cities like Kingsville is not a room full of hackers halfway across the globe; it’s someone down the hall in HR, accounting, or maintenance.

“While there are a certain number of incidents related to ‘insider’ attacks, where users intentionally abuse their privileges and credentials, most of the big breaches you have seen in the media are the result of simple user errors, such as falling for phishing attempts, visiting sketchy websites, bringing compromised USB drives or other personal devices to work, or credential sharing,” details Benson.

These errors then allow ransomware and other malware variants to be introduced and bypass security measures that may have been put in place.

“In short, the best lock in the world is useless if you hand a thief the key,” states Benson, adding that quality user training is the best security bang for your buck. Benson’s department provides city employees with training to become more aware of cyber hygiene.

“My department provides regular user training and periodically phishes our users to determine the success of that training, while also creating teachable moments for click-prone users,” explains Benson. In cities, a successful breach by hackers could bring down fire, police, and other emergency services. Keeping city services safe is mission-critical for MSPs and IT departments.

“By coupling training with good defense-in-depth, we hope to mitigate as much risk as possible, but also understand that as a small municipality, we are an attractive target,” notes Benson.

IoT devices are reshaping cities

Meanwhile, IoT is reshaping the average small city’s cyber landscape, from traffic signals, to sensors in the road, to the HVAC systems at the municipal building. Cities have been slower to catch up to the cybersecurity threats that these IoT devices represent.

“IoT specific security controls are still evolving, and government tends to follow behind the consumer market when it comes to adoption of new technologies,” admits Benson.

All these new devices spread throughout a city can also spread an IT staff thin, which is why Benson thinks there is plenty of room for MSPs in municipal technology service.

“There is plenty of room at the table for MSPs. In many cases an MSP can be a powerful ally for cities. If you have a shallow pool of tech talent in your area or are seeing rapid growth, an MSP can supplement your existing staff and make their workload more manageable,” suggests Benson.

MSPs can fill the gaps

Looking at cybersecurity specifically, there are more job openings than qualified applicants to fill them. There is also a growing list of compliance requirements and threats to address. MSPs could fill these needs.

While cities have similar security needs as other entities, Benson says the difference is in scale. Even smaller cities have a much greater scale than the average enterprise, and that is where MSPs can help.

“Multiple sites can mean multiple firewalls and multiple equipment configurations to be managed to maintain security. A doctor with a single office may only need one IT staff person, but a small city with 100 users and 13 locations could need several more employees to accomplish the same tasks,” explains Benson.

Growing needs of cities

The needs of cities will only grow as the arrival of 5G unleashes a new wave of IoT. The clientele of cities is also changing. Citizens are becoming consumers of municipal services, more so than in the past.

“Citizens are demanding more convenience and options in how they communicate with their local governments. This has created a fairly large market for citizen engagement and government transparency products,” observes Benson. He adds that these new technologies bring new threats with them.

“Municipalities will need to catch up with other industries in their approach to cybersecurity if they hope to avoid becoming victims. For many years, cybersecurity wasn’t a major priority for cities since it required funding that could go toward public works projects and citizen services,” says Benson.

The way cities think about security has begun to change, but many towns are still behind their private-sector counterparts. The future of cybersecurity for municipalities is one full of potential, if administrators continue to embrace and promote cybersecurity awareness to balance the demands for convenience from employees and citizens. And cities are ripe for MSP opportunity.

Photo: TT studio / Shutterstock

Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

Leave a reply

Your email address will not be published. Required fields are marked *