Local governments are often prime cybersecurity targets due to their extensive databases of sensitive information and, at times, outdated security infrastructure. In 2019 we covered Baltimore losing over $18 million to a breach, thanks to an unpatched system. Albany County, New York, recently joined the growing list of municipality es grappling with cybersecurity breaches, highlighting the urgent need for robust cybersecurity measures at all levels of government.

Albany County's Cybersecurity Incident

Albany County officials are currently investigating a potential cyberattack on their servers, which could have far-reaching implications for the county’s 310,000 residents. County Executive Dan McCoy confirmed the potential breach in a statement, emphasizing the county's proactive stance by initiating a comprehensive analysis over the weekend. This investigation is supported by the New York State Department of Homeland Security and the Emergency Services Cyber Incident Response Team.

The potential attack appears to have caused minimal disruption to services thus far. County spokeswoman Mary Rozak noted that individuals seeking certificates of residency online would need to contact the county's Division of Finance directly. Importantly, there is no current evidence of unauthorized data removal from the servers.

This incident is part of a troubling trend of cyberattacks targeting local governments. In March 2021, a ransomware attack affected 911 dispatch centers in Albany County and two neighboring counties. Similarly, in December 2019, hackers crippled the Albany County Airport Authority's servers, resulting in a six-figure ransom payment. The city of Albany itself was hit by a ransomware attack in March 2019, costing $300,000 in recovery and security upgrades. Most recently, in March 2023, Albany ENT & Allergy Services reported suspicious activity that potentially exposed sensitive patient data.

New York State's Cybersecurity Measures

Recognizing the escalating threat landscape, New York State has significantly ramped up its cybersecurity efforts. Following a severe ransomware attack on one of the state’s affluent counties in 2021, Governor Kathy Hochul has made cybersecurity a cornerstone of her administration's agenda. In June 2022, Governor Hochul appointed Colin Ahern, a former company commander at the U.S. Army Cyber Brigade, as the state’s first-ever chief cyber officer. This role was created to spearhead New York's cybersecurity initiatives and ensure comprehensive protection for the state's digital infrastructure.

Additionally, Governor Hochul announced enhanced cybersecurity regulations requiring regulated entities to report ransomware payments and implement stronger measures to secure customer data. This move aims to increase transparency and preparedness across the state’s industries and public sectors.

New York State's commitment to cybersecurity is also reflected in its budget. Last year, the state allocated an additional $35 million to its cybersecurity budget, bringing the total to $96.9 million. This funding is crucial for implementing advanced security technologies, conducting regular security audits, and providing training to staff across various government agencies.

The Broader Context of Ransomware Attacks

Albany County’s recent incident is not an isolated case but part of a broader national trend. Ransomware attacks on local governments have become increasingly common, with at least 45 local governments impacted by such incidents this year alone. Cities like St. Helena in California and Macon-Bibb County in Georgia are still recovering from recent attacks, underscoring the pervasive nature of this threat.

Ransomware attackers typically target entities that are more likely to pay a ransom quickly to restore services, making local governments attractive targets. These attacks not only disrupt services but also lead to significant financial costs and potential exposure of sensitive personal data.

Conclusion

The recent potential cybersecurity breach in Albany County is a stark reminder of the persistent and evolving threat posed by cyberattacks. While the immediate impact appears contained, the incident underscores the necessity for continuous vigilance and robust cybersecurity measures. New York State’s proactive steps, including the appointment of a chief cyber officer and increased cybersecurity funding, represent crucial efforts to safeguard public infrastructure and data. As cyber threats continue to evolve, it is imperative for local governments to remain vigilant and invest in comprehensive cybersecurity strategies to protect their communities.

If you are looking for an honest assessment of your cybersecurity posture – trust the cybersecurity and business continuity experts at Apex Technology Services.

---

Aside from his role as CEO of Apex Technology Services, Rich Tehrani is CEO of RT Advisors and a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC  (Four Points) (Member FINRA/SIPC). RT Advisors is not owned by Four Points.

The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.