COVER STORY
CYBERATTACKS AND RANSOMWARE DEMANDS ON MUNICIPAL GOVERNMENTS AND SMEs By Kamala Raghavan, CPA, CFP, CFF, CGMA
M
unicipal governments and small to medium (SME) enterprises are facing an escalating number of cyberattacks and ransom demands. These attacks are crippling their systems and costing them funds that could be deployed to increase stakeholder services. “Ransomware is a pandemic in the United States,” said Joel DeCapua, supervisory special agent in the Federal Bureau of Investigation’s cyber division referring to the malicious software deployed by hackers who are
14 Texas Society of CPAs
increasingly going after smaller targets. Municipal governments and SMEs are attractive targets for the criminals due to their vulnerable technology infrastructure and weak cybersecurity protocols as compared to the corporate sector. These organizations are increasingly using loosely integrated networks of information systems to deliver services to stakeholders and are generally not prepared to combat data breaches due to limited resources. They are also relying
increasingly on small third-party outsourced technology providers who are not able to protect sensitive stakeholder information. It’s hard to quantify the total impact of ransomware attacks because most are not publicly reported. This article discusses several incidents and offers a suggested preventive, detective and corrective procedures’ framework for use by managers and auditors in reviewing and monitoring compliance, with the goal of avoiding expensive corrective actions after the incident.
