Late last month Click2Gov was breached – again.
Click2Gov processes the utility bills of local governments in all 50 states. In 2017 and again in 2018, the company saw 300,000 of its clients’ credit cards compromised by hackers entering their system. This time, 8 cities in 5 different states were breached. This breach compromised sensitive payment data of 20,000 citizens living in all 50 states.
The repeated attacks on Click2Gov are representative of a larger trend in cybercrime in which threat actors commit large-scale attacks on small but critical entities with access to governmental data. Small governments are bearing the brunt of this trend and saw a 39% increase in reported attacks from 2017 to 2018.
Most recently, hackers exploited a local managed service provider (MSP) to hit nearly two dozen Texas cities with ransomware in an unprecedented attack campaign.
How does this keep happening?
Most city and local government leaders understand the importance of cybersecurity but feel they don’t have the resources to map out thoroughly and to navigate their cyber landscape.
Cybersecurity researchers at Gemini Advisory have spoken out about the need to regularly monitor systems for compromises. However, hackers are getting around the network scans by taking advantage of vulnerabilities in the software living on exploited devices. We see it all the time.
In the case of Click2Gov, and with many others, their portals were seemingly running up-to-date systems. Even if they had the resources for daily network scans and threat hunting, it may not have been enough.
Speaking at the National League of Cities, NLC-RISC Information Sharing Consortium on October 14, Executives of Assured Enterprises explained that insights, guided by a detailed cyber risk assessment produce the most cost-efficient, commercially reasonable means of proactive cybersecurity.
Practicing serious cybersecurity every day.
-Assured Enterprises, Inc.