A cybersecurity expert believes Saint John has an opportunity to learn from the ransomware attack that took down its network last November.
Last week, City Manager John Collin told council that a third-party review found it very unlikely the attack had caused the city to lose any confidential data like personal payment info.
Dominic Vogel is the founder & chief strategist of Cyber SC. He says the city can use their experience with cybercriminals to prepare for the future.
“This affords them the opportunity to build security in right while there are still lots of cities and municipalities that feel ‘oh, we dodged a bullet, but we don’t need to invest in cybersecurity,'” Vogel said. “They’re sort of living in a false world.”
Vogel pointed out that there are never any guarantees that no personal information was lost in a breach, however it is reassuring that a third-party company was consulted and found no evidence of payment information going missing.
The concern now is that the city and residents let its guard down once again.
Vogel says hackers don’t necessarily need payment information to consider an attack successful. Instead, they can use other info to launch future successful phishing attacks.
“(Non-payment) information can be used to craft more believable phishing emails that can be sent to you,” he said. “And if those emails are more believable, you’re more likely to fall victim to that.”
So long as the city remains vigilant, and considers the advice of cybersecurity experts, Vogel believes last November’s attack could prove to be a helpful learning experience.
“What we need to see long-term from the city and this executive, is they don’t have short-term memory and think ‘oh, we survived this. Nothing bad happened, no data was compromised. We’re not going to change our ways.’ I’m very hopeful that they do change their ways.'”