In March, the $1.9 trillion American Rescue Plan Act (ARPA) was signed into law. It includes approximately $350 billion in direct aid to state and local governments with funding for cybersecurity and privacy technology investments. Funds must be spent by Dec. 31. What does all of this mean for Indiana’s cities and towns?
According to a study conducted by the National Association of State Information Officers (via a white paper by KnowB4), “About 50% of states do not have a committed cybersecurity line-item budget. Even more concerning is the fact that 37% of states have seen a reduction in funding or no change at all. The lack of reoccurring funding translates to municipal networks and computers being put at risk to increasing cyber threats.”
What qualifies as a cyber threat? Think ransomware, which are virtual attacks on IT systems that lock down infrastructure encrypting data until ransom is paid. Recent research by Barracuda Networks indicates that 44% of global ransomware attacks in 2020 targeted municipalities. Yet the push to mitigate the risks appear to be lacking as a result of awareness, support and budget.
The Accelerate Indiana Municipalities board met in April to develop policy. This board includes some 20 leaders representing a wide range of geographic Indiana towns including Indianapolis, Fishers, Sullivan, Dyer and Mishawaka. Their policy paper for 2021 calls on local, state and federal cooperation and resources to protect municipal government data and its citizens’ data from cyberattacks.
With funds in play and AIM policy in place, now is the time for Indiana’s government leaders to assess and modernize the security of IT their systems. With the advent of cloud-based technology, the implementation cost compared to a data breach and ransom payment seems it should be an easy procedural decision. Consider the following.
According to the report “The Economic Impact of Cyber Attacks on Municipalities” from KnowB4:
- 2% of attacks in state government are targeted toward cities and local schools across the nation.
- The average cybersecurity breach costs states between $665,000 and $40.53 million, with a median cost varying from $60,000 to as high as $1.87 million.
- The average ransom amount demanded by cybercriminals from 2013 to 2020 was $835,758.33.
Seeing those figures makes the financial burden of a cyberattack difficult to stomach, particularly since municipalities shoulder so many responsibilities compared to most private and public businesses. Let’s say an Indiana town has a $30 million budget for 2021. Not only would it cause significant stress to budget but also to the daily systems related to police and fire protection, town government daily operations, power systems and on and on. And in the end that impacts citizens.
Comparably shifting systems to cloud-based, managed IT creates a secure system with a manageable cost. If we use the example of an Indiana municipality with a $30 million budget, let’s say there are 100 employees. The estimate for the cost per year is volume based per employee and would be $10,000 per month or $120,000 per year. That’s 4% of the overall budget of our fictional Indiana town. Now compare that total to the average cost of a ransomware attack cited above at $836,000 and the benefits start to come into focus.
The benefits add up
While shifting from a traditional IT system to the cloud sounds hard, it really is not. It takes about two weeks to move from a traditional system to the cloud and the benefits reduce risk.
Data is moved to and stored in a cloud workspace, residing in a separate, isolated environment independent of any particular computer. This removes the risk of ransomware encrypting data. A cloud-based workspace provider absorbs the burden, freeing the risk and fear of missing a configuration setting or needing to continuously update Windows and other software.
The cloud desktop gives freedom to use any Internet-enabled device, including PCs, MACs, smart phones, and tablets. If a laptop to be stolen from a car – or suddenly locks up – simply log into a cloud desktop environment from another device, such as an iPad, to continue working, even as you await the arrival of an IT technician.
Cloud-based workspaces mean savings. There is no additional cost associated with adding secure communications, encryption, and centralized control of your data. The cloud provider efficiently spreads the cost of security controls across the entire client base.
This savings also applies to hardware and software, reducing a municipality’s overall costs. Long gone is the need to purchase network switches, firewalls, servers, and other equipment. The bulk of required hardware and software is handled with onsite network equipment, included in an IT support plan. This reduces total cost of ownership over the long run because the cost is for only what is used. This changes the expense from a capital expenditure (CapEx) to an operational expenditure (OpEx), with a monthly service fee spread throughout the year.
While some might say, I’m not going to pay for what I cannot see, the reality is municipalities see the results of working in the cloud. Daily cost savings and efficiencies are quickly realized with the real and long-term threat of becoming the next victim of a cybercriminal diminished.
Aaron Toops is co-founder and CEO of AERIFY.io, managed services IT business that makes technology simple, safe, and fast. The team leverages the Cloud to allow small to mid-business teams affordable access to their information from whatever device at whatever time they need.