Following a spate of cyberattacks against local government institutions in New Jersey this year, Democratic Assemblymember Shama Haider introduced legislation on May 16 to strengthen the state’s local capabilities.
Less than a month later, her own hometown of Tenafly faced a cyberattack after teachers accidentally discovered a ransomware attack in progress last week while working on Department of Education computers.
District officials said a virus, which likely entered a school computer through an email phishing scheme, forced them to sever the town’s DOE network from the wider county system to keep it from spreading further.
Computers are back online now and the FBI has been called in to help local law enforcement, who lacked the technical expertise to carry out an investigation according to the town’s police chief, Robert Chamberlain.
In the wake of the attacks, Haider is hoping to vastly expand the state’s cybersecurity overhaul.
“The way technology is evolving, fortunately, and unfortunately,” said Haider, “you always need to keep one step ahead of the bad actors.”
While Tenafly, with a population of 14,555, might seem a small target for cybercriminals, the attack there fits a new profile, according to Brett Callow, a threat analyst at the cyber security firm Emsisoft.
“We have certainly seen a decrease in the size of municipalities that are being hit,” he said, adding that smaller governments have become more tempting targets for hacks as large cities sink greater sums into cyber-security infrastructure.
While financial databases weren’t breached in any of the cyberattacks in New Jersey this year, it has happened in the past in other states, and those systems very much remain at risk. Callow said that while efforts to address cyber-crime like Haider’s are a step in the right direction, local governments often find themselves playing “catch-up” after neglecting the issues for years.
“One of the solutions,” he added, “is getting governments to actually spend the money that needs to be spent before incidents happen faster,” he said.
A coordinated national plan could also help ensure vital records and databases are protected. Still, such a plan will likely not materialize immediately, and local governments are in charge of their own cyber-security for the time being.
However, most cyber crimes can be stopped with simple, inexpensive security measures, according to Callow, like creating strong passwords, updating software, and requiring multi-factor authentication to log in to systems.