I curated this blog post. That means I didn’t write it. However, I did give a lot of thought to the AI prompt I typed on the keyboard, always believing my prompt was a way of conjuring up a spell to get a magical reward. Let me tell you, effective AI prompt writing is a skill and art form of its own.

This short article is the result of my first experience with Google’s Notebook LM. I scraped Google News for keyword “Cybersecurity” and I was served a list of 15 reliable (at least I thought so) news articles about cybersecurity trends since around 2020. I thought, anything before the COVID-19 pandemic happend at a completely different era. Here’s the result of my asking of Perplexity AI to summarize my 15 article sources and downloadable cybersecurity trend reports. Then I took the output (or result?) and ran it through ChatGPT 4o and prompted to rewrite in NLP style. NLP (Natural Language Processing) is Google’s latest filter for AI agents to interpret and consider prompt outputs as how a human would interpret them. Here it is.

The digital world is expanding rapidly, transforming how businesses, municipalities, and individuals operate. However, this growth brings new cybersecurity challenges, especially for public entities. Understanding the latest trends and proactively addressing potential cyber risks is essential for municipalities looking to bolster their defenses.

Data Breaches: A Growing Concern

Municipalities hold a wealth of sensitive data, making them prime targets for data theft and security compromise. In recent years, the cost of data breaches has surged, reaching an average of $4.88 million globally. This figure reflects not only the business disruption caused by breaches but also the intensive post-breach support required to rebuild trust and restore normal operations.

Key Factors Contributing to Data Breaches

• Exploitation of Vulnerabilities: Cyber threat actors are constantly identifying and exploiting weaknesses within software and hardware. The 2024 Data Breach Investigations Report (DBIR) illustrates how cyber attackers are increasingly targeting both known and zero-day vulnerabilities, making it clear that secure-by-design practices are crucial for safeguarding systems.
• Third-Party Risks: Municipalities often collaborate with third-party vendors, which increases their exposure to potential data breaches. The DBIR notes a 68% rise in third-party-related security incidents. Rigorous vendor assessment is, therefore, essential.
• Human Error: A large percentage of data breaches are linked to human error, often due to phishing scams and weak password practices. A recent study found that 88% of data breaches have some human element involved, with social engineering tactics remaining highly effective.

Email Phishing Attacks: Persistent and Evolving Threats

Email phishing remains a pervasive threat, exploiting people’s trust in familiar communication channels to obtain sensitive information. From email spoofing to social engineering, the tactics continue to evolve.

Trends in Phishing Attacks

• Business Email Compromise (BEC): Attackers impersonate trusted figures within an organization to prompt actions like money transfers. In 2023 alone, BEC scams led to over $2.9 billion in losses.
• Pretexting: This advanced social engineering method goes beyond simple phishing, as attackers create convincing scenarios to manipulate individuals into providing confidential data.
• AI-Powered Phishing: The integration of AI tools in phishing scams is on the rise. While still relatively new, AI allows for sophisticated, large-scale phishing operations that can be customized for specific targets.
• Opportunities for Municipalities: Enhancing Cybersecurity Posture
• As cyber threats grow, municipalities can leverage several proactive measures to improve their digital resilience:
• Strengthen Security Awareness Training: Educating staff on cyber hygiene practices can dramatically reduce the risk of successful phishing scams and other social engineering threats.
• Implement Robust Security Controls: Establish a multi-layered defense strategy, including tools like multi-factor authentication (MFA), endpoint protection, and zero-trust frameworks.
• Leverage AI and Automation in Security Operations: Automation tools can improve response times and help identify threats faster, reducing the impact of breaches.
• Focus on Vendor Security: Ensure that all third-party vendors meet specific security criteria, as supply chain risks continue to rise.
• Data Governance: Establishing strong policies for data handling and reducing shadow data can minimize vulnerabilities in municipal infrastructure.

Conclusion

The evolving threat landscape necessitates a robust, forward-thinking approach to cybersecurity for municipalities. By understanding emerging threats and proactively implementing enhanced security practices, municipalities can safeguard their digital assets and public trust.