Protecting Local Governments from Cybercrime: Lessons from Curry County

By now, everyone has heard horror stories about local governments that have fallen victim to cybercrime. We hear about ransomware, phishing attacks, data breaches, etc. It sounds awful, but as city and county leaders responsible for protecting community valuables, including personal data and critical public services, cybercrime is a topic that directly concerns you. For instance, in April of 2023, Curry County, a rural county in the southwestern corner of Oregon, was struck by a ransomware attack where data was stolen after attackers gained access to the county’s network. Suddenly, the county had no access to any of its digital information. No files, no email, no voicemail. The attack shut down the county’s real estate transactions, emergency services and virtually every other public service for over a month. Employees were forced to use paper and pencil to get by while the systems had to be rebuilt from scratch, illustrating that these threats can impact anyone, anywhere.

As Curry County Commissioner Brad Alcorn described, “It has impacted every function of this county and wiped away our digital footprint.” In an interview with Oregon Public Broadcasting a month after the initial attack, Alcorn reported, “We are still not up and running and still struggling through this.” Click here to listen to the entire interview.

The attackers demanded a ransom payment to restore access, however, the FBI discourages payment of ransom. This cyber-attack has taken months and millions of dollars to restore services. This highlights the severe implications of cyber threats and the urgent need for local government entities to protect essential community valuables.

As with all types of crime prevention measures, it’s a matter of cost vs. benefit. If we have things of value that a bad actor might want, it makes sense to protect them. If we hear about crime in our area, we might purchase a deadbolt for our front door or install a security system with an alarm and/or cameras. We might tell our family members to be careful when answering the door or walking down the street.

We all do these things to protect our valuables. As you know, as a public servant, you are responsible for protecting “valuables” on behalf of everyone in your community. 

These are what we call “community valuables,” and they come in two basic forms:  

  1. The personal data of each community member   
  1. The critical public services your community relies on.  

During a typical cyber-attack, criminals often enter your network via phishing emails that deceive someone in your organization into granting them access. Once inside, they can: 

  • Steal sensitive personal data from every resident in your community and threaten to leak it unless a ransom is paid. 
  • Disrupt critical community services, demanding a ransom to restore these essential functions. 
  • Lie in wait, reading email messages of key users and looking for an opportunity to fraudulently divert funds to their own bank account.

During a typical cyber-attack, criminals most often gain access to your network when someone in your organization gets tricked by a fake email message, which allows them access. Once they have access, they can steal the private personal data of every person in your community and threaten to expose it to others. They can also demand you pay a ransom to get the data back safely. In addition, cybercriminals will attack and disrupt the critical services that your community relies on, then demand a ransom in exchange for restoring those services.

The essential services frequently targeted by cybercriminals include: 

  • 911 call centers, causing delays in law enforcement and emergency medical response.
  • Police databases, hindering access to criminal background checks and other critical criminal justice information.
  • Healthcare systems obstruct providers from accessing patient histories, severely impacting patient care.
  • Utilities such as water and power lead to significant health and safety concerns if disrupted.
  • Municipal services freezing the issuance of permits and licenses, thus impacting real estate transactions and building permits.
  • Financial services, affecting payments for property taxes, parking tickets, and processing of vital records like marriage or divorce licenses.

These disruptions not only compromise the security and functionality of affected services but also the trust and well-being of the entire community. 

The consequences of a cyber-attack are not only financial but can also be far-reaching. It may take several months to restore the critical services affected, and the costs can be enormous. Apart from the economic impact, there is also the social and psychological impact on the community, which cannot be ignored. The loss of public trust and the feeling of being victimized must also be considered and dealt with over time. However, knowing how much time and money you should dedicate to preventing cybercrime can be challenging. Click here to read our recommended Top 5 Most Affordable Cyber Security Measures, so you can make informed decisions to prioritize cybersecurity measures and allocate resources accordingly. This will help you take the necessary steps to secure your community against cyber threats.

It’s critical to be proactive to safeguard your government, state, local, or education sector from devastating cyber-attacks. Contact us today to discuss our compliance offerings designed specifically to mitigate such threats. Let’s ensure your community’s safety together.

Scroll to Top