Champaign IT chief tells council about increased risk of cybercrime

Champaign IT chief tells council about increased risk of cybercrime

CHAMPAIGN — The city's information-technology director warned council members at Tuesday's meeting about an increase in cybercrime directed at municipal governments.

Until recently, Mark Toalson said, most cybercrimes have targeted people to get credit-card numbers or lure them into offering money online. But over the last few years, he said, the severity of cybercrimes has increased drastically, particularly ransomware attacks.

In such an attack, as happened to Atlanta in spring 2018, unsuspecting victims are lured into opening an email or a link that secretly installs malware on their computer, giving the sender control of the machine — and often the systems it connects to.

"Six months later, Atlanta still has some systems down," Toalson said. "When it hit, they lost numerous files, years of data, years worth of emails and communications. They've lost legal files, systems have been down for months. It was a significant disaster for a city."

Estimates for repairing the systems brought down by that attack range from $2 million to well over $10 million.

And such incidents aren't isolated, Toalson said, noting in a memo to council members last week that six cities around the country have been hit with similar ransomware attacks affecting payroll, utilities, finance systems and other vital functions.

"If you can imagine our city shutting the doors to our finance department," Toalson said. "In Atlanta, 1,500 home sales were stopped because the city couldn't pull records. Imagine what it would be like if we were to tell people, 'I'm sorry, but we can't process that.'"

Toalson told council members that the best way to protect the city's system is to add redundant infrastructure that could keep vital functions online despite an attack. This would essentially mean having a duplicate copy of the city's system that would be able to kick on within an hour.

But right now, the city has to figure out other ways to defend itself. That's why Toalson said his department has been investing in training, hardware and software to deal with potential threats.

Already, the high-priority targets have been identified and further protected: the mayor, council members and city manager's office.

Toalson showed council members two recent examples of cyberthreats to the city:

— Just two months ago, a city employee received an email that appeared to be registered under Mayor Deb Feinen's name asking if they were available to talk. It wasn't sent by Feinen.

— In the other incident, City Manager Dorothy David's name was used to attempt to spread ransomware.

It's these recent threats that have prompted training sessions for employees who have a history of accidentally clicking on a bad email or link.

Daphne Greaves, network administrator for the city, said that the sources that send out email attacks "are run like a business."

"Their business is to understand how we do business, our social behavior and our weaknesses," Greaves said. "We have to be cognizant about transparency. We have to be aware that the more transparent we are, the easier it is for people to mine our information and to identify patterns."

Greaves explained that right now if a user is caught in a phishing campaign — where they're tricked into handing over money or potentially sensitive information — or otherwise introduces malware into the city's system, they will be automatically enrolled in some training. She also said that phishing campaigns build on each other so that if someone is caught more than once, they will get more training.

This is all hopefully to prevent a situation like Atlanta's from happening here.

"But we have to remember that the severity of any incident is directly related to the time it will take to recover, which is directly related to the cost of recovery," Toalson said. "Detection and time are critical. Hopefully we don't get hit with an attack."