Abstract
The following is a partner paper published to the CISSE journal. For more information, please visit the PISCES website.
Small town governments were once thought to be at a lower risk from cyber threat actors due to their geographical isolation and small digital footprint. The past few years has shown that to be definitively false, with several different threat actors successfully attacking local municipalities, ultimately causing disruptions to critical services, monetary loss, and privacy breaches. With the now ubiquitous presence of the internet, the reality is small city governments are at the same, if not even higher, overall risk of being attacked as large entities. For small municipalities and organizations, there may not be much opportunity to invest additional resources into cyber security due to staffing concerns and limited budgets. This paper will discuss how, while it may seem the overall risk of a cyberattack is lower because these organizations are “small fish”, the probability and impact of an attack are just as high, if not higher in some circumstances, than large, high visibility organizations.