As Pensacola, Florida, battles a cyber attack that shut down much of the city’s network, one expert says more state and local governments are at risk as their systems remain vulnerable.
“It will get worse before it gets better – far worse … [Governments are] an easy target,” Morgan Wright, chief security advisor for SentinelOne, told FOX Business. “They’ve had too many wake-up calls, the problem is they keep hitting the snooze button.”
Wright noted that state and local governments are not timely when it comes to patching and protecting their systems. They have aging technologies, an aging workforce and a bureaucratic procurement process.
Furthermore, they are often unable to hire the most skilled employees in the profession who can score much more lucrative salaries in the private sector.
Beyond being unwilling or unable to pay the best workers, they are also not paying to get cutting-edge technology, which can end up hurting taxpayers in the long run.
“You will either spend now as a preventative measure … or you will spend [a much bigger amount] later as ... you are recovering,” Wright said.
And taxpayers are the ones on the hook when cities cough up the cash to recover from a cyber attack.
Costs related to an event like what is transpiring in Pensacola can be “serious,” Wright said. It is unclear whether the city is being asked to pay ransom, however other cities — like Baltimore and Atlanta — have been asked to pay to have their systems unlocked. Atlanta was asked for a ransom of about $50,000 worth of bitcoin, but it ended up spending far more on recovery efforts — about $17 million, according to news reports. Hackers demanded $76,000 worth of bitcoin from Baltimore – but the attack will end up costing the city north of $18 million – in direct costs related to restoring systems and recovery efforts and indirect costs from potential lost or delayed revenue, according to the Baltimore Sun.
There are also other soft costs, like lost productivity.
Wright said Atlanta and Baltimore are recovering from their respective attacks. He said it could take Pensacola six months to a year to recover.
“Government never has the time and money to do it right, but they always seem to find the money to do it over,” Wright joked.
Pensacola was likely not an accidental target, as it deals with the aftermath of a fatal shooting at a Navy center that took place in the city last week.
Wright noted that cybercriminals often take advantage of disaster situations, as attention is focused on recovery efforts.
In a Facebook post on Monday, the Pensacola City Government said that affected city services include emails and phones, customer service and online payments.