Here's the real story of the recent cyber security attack on city hall. Prior to 2022, the cybersecurity budget for the city of Lowell was zero. Only in 2022, did the city receive a cyber security grant for $89,585 and then in 2023 a grant only for $40,561. The average salary of an IT security Administrator "is" close to $90k, but that's "annually". We hear in the news that we have thousands of job postings that go on unfulfilled. Everyone must be lazy? But in our example the 2022 budget requesting to fill a cybersecurity position went on to never being filled because it had no job security, pun intended. Just my opinion but I highly doubt anyone would be able to hire a half decent admin that would give a damn if they know they'll only just be hanging around for under the year.
Ransomware as a business isn't the type of criminal activity where targets are put on a list for a gang to exert energy trying to break in. Ransomware is all about picking the low hanging fruit or more often about picking up the rotten fruit that's already fallen to the ground...
IT as a whole is not a one stop shop. IT is an integral branch and a division unto itself of vastly differentiated departments. You have the software guy, hardware maintenance, network maintenance, the help desk, compliance officer and then you have a cybersecurity wing. These jobs are not interchangeable but distinct and depend on completely different skill sets then another. Just because you have an IT department doesn't mean you have a cybersecurity person. This is why the city was hacked. Not because it was a target but because the city made it an afterthought and never even bothered to fund it as a job, if nothing but just a task. Tasks don't get done by themselves, tasks get done by people. Hire a damn cybersecurity position and payroll it as an annual salary!
Here's the real story of the recent cyber security attack on city hall. Prior to 2022, the cybersecurity budget for the city of Lowell was zero. Only in 2022, did the city receive a cyber security grant for $89,585 and then in 2023 a grant only for $40,561. The average salary of an IT security Administrator "is" close to $90k, but that's "annually". We hear in the news that we have thousands of job postings that go on unfulfilled. Everyone must be lazy? But in our example the 2022 budget requesting to fill a cybersecurity position went on to never being filled because it had no job security, pun intended. Just my opinion but I highly doubt anyone would be able to hire a half decent admin that would give a damn if they know they'll only just be hanging around for under the year.
Ransomware as a business isn't the type of criminal activity where targets are put on a list for a gang to exert energy trying to break in. Ransomware is all about picking the low hanging fruit or more often about picking up the rotten fruit that's already fallen to the ground...
IT as a whole is not a one stop shop. IT is an integral branch and a division unto itself of vastly differentiated departments. You have the software guy, hardware maintenance, network maintenance, the help desk, compliance officer and then you have a cybersecurity wing. These jobs are not interchangeable but distinct and depend on completely different skill sets then another. Just because you have an IT department doesn't mean you have a cybersecurity person. This is why the city was hacked. Not because it was a target but because the city made it an afterthought and never even bothered to fund it as a job, if nothing but just a task. Tasks don't get done by themselves, tasks get done by people. Hire a damn cybersecurity position and payroll it as an annual salary!