State and local governments have increasingly become targets of cybersecurity attacks. This year cybersecurity attacks on Baltimore and Lincoln County, North Carolina reportedly will cost those government entities $18.2 million and as much as $400,000, respectively to recover from the attacks. Last year, Atlanta spent more than $7 million to recover from a ransomware attack. A report by cybersecurity firm Coveware shows that governments paid almost 10 times as much money on average in ransom as their private-sector counterparts over the second quarter of 2019.
Recognizing this risk, Massachusetts Governor Charlie Baker announced a new program to help cities and towns develop strategies to prevent cyberattacks. “The more capable the public realm becomes, the greater the challenges and the greater the risks associated with trust,” Baker said. “We need to do things to help.”
During the first Massachusetts Cybersecurity Week, at the state’s third annual Cybersecurity Forum capstone event, Governor Baker introduced an expansive cybersecurity program, including statewide workshops for municipalities to work together to enhance their cybersecurity capabilities, which will be lead by the MassCyberCenter at the MassTech Collaborative.
Governor Baker discussed the “smart” future – a world of smart buildings, autonomous cars and smart communities that is not too far away, and emphasized that states and municipalities need to be prepared. “We have a long way to go in the public sector to digitize our assets. I don’t think that’s a really big surprise to anybody in this room,” Baker said at a recent State House event, addressing a group of 200 executives from the private, public, and R&D sectors.
Baker’s Cybersecurity Program complements a similar program led by the National Governors Association (NGA), announced in July, in which the NGA will collaborate with cyber-related state agencies to help improve cybersecurity strategies in the public sector across the nation. Massachusetts was one of seven states selected by the NGA for the first phase of this program, to help develop an action plan and identify key priorities in cybersecurity.
Cyberattacks continue to be a major risk for private companies as well. Coveware reported that the average size of private companies targeted by ransomware in the second quarter of 2019 was 925 employees. . McAfee Labs reported that ransomware attacks grew by 118% in the first quarter of 2019. Government entities and private companies alike should conduct risk assessments to develop appropriate security measures to protect them from the risk of cyberattacks.
This cybersecurity program is just another example of how Massachusetts continues to lead the way for other states on privacy and security matters. Check out other Massachusetts initiatives discussed on the blog:
- Massachusetts Enacts Law Providing Greater Privacy of Health Insurance Information
- Proposed Legislation in Massachusetts Would Create Private Right of Action for Improper Collection of Personal or Biometric Information
- The Final, Final Massachusetts Data Security Regulations and a Checklist for Compliance
- Updates to Massachusetts Breach Notification Law – Much More Than Mandatory Credit Monitoring