Cornelia city officials awoke the morning after Christmas 2020 to find out they’d been hacked.
Luckily, they were prepared. Cornelia had already gone through a hack in 2019 and made significant upgrades to their IT security in the aftermath. So, while the hackers attempted to extort the city in a ransomware attack, none of Cornelia’s city services or resident data were compromised.
“You have to have layer upon layer of security,” said Cornelia IT Director Jeremy Dundore.
That includes an antivirus software that isolates any city computer that gets infected with malware, he said. Then, the virus can’t spread further into the city system. Local governments are regularly attacked by hackers, often targeted for their troves of employee and resident information or as part of a ransomware attack, where hackers hold a network hostage until the victim pays a ransom. The city of Atlanta was the victim of a paralyzing ransomware attack in 2018 that took city computers offline for five days and cost millions in recovery work.
State Rep. Victor Anderson, who represents Cornelia, wants to add another tool in cities’ defenses against these attacks. Anderson has sponsored House Bill 134, which would allow local governments to discuss cybersecurity issues during executive session, out of public view. Cornelia’s hack and one in Hall County spurred him to push for this extra layer of protection.
“[Hall County] had a work session on a Monday, planning to vote on a cybersecurity contract that was discussed and basically revealed the inadequacy of the protection that they had at the time,” Anderson said in a video explaining the bill. “The vote was scheduled for that Thursday. That Wednesday, they were attacked.”
The bill passed in the House in February and at the time of print is awaiting a Senate vote.
Allowing cybersecurity discussion to be kept private would help cities further protect against hacking attempts, Cornelia City Manager Donald Anderson said.
“You don’t need to let everybody know what security you have in place because then you are [also] letting the hackers know what is in place,” Anderson said.
An investigation into the Cornelia hack by an outside firm isn’t yet complete, but Dundore believes the hacker got into the system through a city vendor that had administrative access.
“This particular vendor has multiple clients, and they all got hacked at the same time,” Dundore said.
Since the hack, additional security measures have been added to Cornelia’s network.
While it may be easy to assume larger cities are bigger targets, Dundore urged other small city governments to put preventative measures in place, lest they get caught unprepared.
“If other municipalities and other folks don’t take the steps we have taken, you’re going to see a significant uptick this year with small cities being targets,” Dundore said. “At this point, threat actors don’t care how big you are. They want to get in there and compromise your data.”
This story originally appeared in the March/April 2021 edition of Georgia’s Cities magazine.