The county has spent about $656,000 as of mid-December to get its system absolutely operational, with the vast majority of the cash — round $578,000 — going to consultants and pc safety firms for server set up, compliance work, journey bills and different actions, officers mentioned.
Cybersecurity specialists mentioned the worth tag for fixing the issue will probably enhance.
“That sounds somewhat guide heavy to me,” Andy Inexperienced, a lecturer of knowledge safety and assurance at Kennesaw State College, mentioned of Henry’s spending to this point. “If the consultants received greater than half 1,000,000 and solely $100,000 went to enhancing their expertise then they both spent an excessive amount of on consultants or they’re nowhere close to achieved spending on the expertise.”
Brad Johnson, Henry’s assistant county supervisor, defended utilizing the consultants, saying they had been supplied by Georgia Know-how Authority and accepted by pre-arranged state contracts.
“Our workforce did a number of issues to attenuate the implications of the assault and system shutdown performed a significant function in it,” Johnson mentioned. “Nobody could be completely ready for such an occasion and we’re higher ready at present than we had been previous to the incident.”
Henry was attacked within the early morning hours of July 17 and instantly shut down its complete system to guard taxpayer info.
Throughout the three weeks it took to get the community again up and operational, the county returned to utilizing paper for filings such companies as constructing permits and enterprise licenses. The hack additionally pressured county staff to make use of private electronic mail and made it tougher to entry court docket information that had been digitized and to course of paperwork from the tax assessor’s workplace.
The assault was one in every of many who have hit metro Atlanta over the previous few years, together with a hack of the town of Atlanta’s community in 2018. The attackers demanded $51,000 in bitcoins in alternate for encryption keys to get better Atlanta’s knowledge. Two Iranian males had been indicted by the U.S. Division of Justice in October within the Atlanta assault, and others.
A confidential memo obtained by The Atlanta Journal-Structure and Channel 2 Motion Information in August 2018 estimated Atlanta had contracted to spend round $6 million to carry its system again however may should put one other $11 million towards the work earlier than the method was full.
Henry officers have declined to be particular on how they’ve repaired their system and what software program they’re utilizing to keep away from giving potential hackers info that might result in one other assault.
The county’s expense record describes most of the prices as “section I” of bringing the system again. The excellent stability for $78,000 is listed as a part of “section 2.”
Consultants on the work embrace Georgia Know-how Authority, Compliance Level, Fivepoint Options and Strategic Tech.
Johnson, the county assistant supervisor, mentioned Henry has cyber insurance coverage by way of the Affiliation of County Commissioners of Georgia, however to this point that coverage has solely paid out about $four,000. He didn’t know when different funds can be made.
David Barton, a managing director of accounting agency UHY Advisors who makes a speciality of expertise danger and compliance, mentioned cyber insurance coverage is a rising choice for municipalities because the cyber risk has grown. However he cautions leaders not to consider it as permitting them to take their eye off ensuring they’re defending themselves.
“Consider it like fireplace insurance coverage,” he mentioned. “You don’t need to have it and by no means take note of retaining your facility from catching fireplace. You possibly can’t do it blindly.”
Help actual journalism. Help native journalism. Subscribe to The Atlanta Journal-Structure at present.
See affords.
Your subscription to the Atlanta Journal-Structure funds in-depth reporting and investigations that hold you knowledgeable. Thanks for supporting actual journalism.