DiNapoli: Cyber Security Investments are Cost Effective
Comptroller's Snapshot Reports IT Breaches on the Rise
State Comptroller Thomas P. DiNapoli today reminded local governments and school districts that they can save money and trouble by investing in cyber security. DiNapoli released a report on Information Technology (IT) security that detailed local government security breaches and identified preventive measures.
"IT security breaches cause a lot of damage," DiNapoli said. "And taxpayers end up footing the bill to repair that damage. It's a lot cheaper to prevent a breach than it is to repair one after it happens. Despite tight budgets, local governments and school districts should be investing in cyber security; it's an investment that will pay off. "
Recent studies have found that security breaches are up 48 percent since 2010, with 16 percent affecting government entities. A breach costs the public sector an estimated $81 per record and potential financial impacts range from $2.8 million for small counties to $67 million for the state's largest counties. Several cyber breaks have already affected New York's towns and school districts.
DiNapoli's report highlighted several examples of local government IT security breaches. In the Duanesburg School District, hackers transferred $3 million in funds overseas. Illegal software on the town of LeRoy's computers was traced to a 14-year-old intruder using the network for illegal Internet games and cost $80,000 to remedy. And a 16-year-old Shenendehowa High School student was charged with identity theft after he hacked into the school's computer system.
In his Snapshot report, DiNapoli noted that even in tough fiscal times, local governments and school districts can take simple steps to reduce their chances of being targeted by hackers, such as:
- Regularly tracking IT activity, including all remote access activity.
- Limiting, restricting and periodically updating access rights.
- Developing and testing disaster recovery plans.
- Providing off-site, secure storage of back-up data.
For more information on IT Security, visit: http://osc.state.ny.us/localgov/pubs/lgmg/itsecurity.htm or the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC).