During a recent meeting of the Woodstock City Council, the council members heard from representatives of the Logicalis company, which had been hired by the city to conduct a cybersecurity study.

Drew Frazier with Logicalis said the security risk evaluation Woodstock had the company complete is the first step in the city being able to build a strong security program moving forward.

The council then heard from Bill Lisse and Paul Donfried, who went into greater detail about what the recently completed study and evaluation had found. Lisse said that, in the past, the city had experienced two minor cybersecurity incidents, but both of these were contained and managed well by the city’s IT department. While there have been significant improvements in the city’s cybersecurity through the implementation of various mitigation actions, Lisse said Woodstock is in need of city-wide security governance processes. During the evaluation, he said there were 16 different risk scenarios that were studied to understand the likelihood of each one happening, the impacts they would have and the status of controls put into place to prevent an incident or, should one occur, lessen its impact.

“The No. 1 risk that any organization, whether it’s government or commercial or not-for-profit, is that people are human and they make mistakes. So, in many cases, in fact, some of the statistics are 90 percent or better of breaches where private data is exposed occur because of errors that people make or accidentally expose sensitive data,” Lisse said. “On the opposite side, the malicious threats really come from, as I talked about, cybercriminals attempting to steal money, so ransomware, perpetuating a fraud, stealing credit card information and then using it. That is probably the most sophisticated of groups.”

When looking at Woodstock’s staffing and budget for cybersecurity, the company found that Woodstock is spending less than the averages, both for other cities and across the board including companies and other entities, measured both as a percent of total IT spending and per employee. At the same time, it was argued that one key reason for this is that Woodstock is a high-growth city, incorporating a lot of new technology in a number of city departments.

“It’s not uncommon that we see that gap,” Donfried said.

The company created a prioritized list Woodstock could follow to move toward an optimal cybersecurity setting. The items on this list, Lisse said, could be broken down into four categories: quick hits, focused improvements, involved efforts and strategic initiatives. He also said one of the next steps the city should take involved key initial investments, such as creating a cybersecurity governance committee to coordinate policies throughout city departments, developing a cybersecurity incident response plan to be better prepared for events and reduce their impacts, and investing in reasonable cybersecurity controls based on the risks identified through the study.

“Overall, we found that everybody in the city of Woodstock was very engaging, recognized where there were opportunities, participated fully and shared information with the purpose of looking to get better. I really enjoyed the opportunity to support the city and hope that you can use this information to better prepare the city and the staff and the citizens for dealing with some of the challenges ahead,” Lisse said.
