Feb. 10, 2020
City Reviewing Recommendations from Cyberattack Assessment
After experiencing a cyberattack on Dec. 7, 2019 that impacted the City of Pensacola's network, the city engaged Deloitte & Touche LLP to assess the incident and provide observations and recommendations to mitigate the risk of further cyberattacks.
Deloitte & Touche has completed its assessment of the incident and provided the City of Pensacola with areas of strength along with opportunities for improvement, which the city will be evaluating and implementing where feasible to increase network security.
Key findings from Deloitte & Touche's assessment included:
Areas of strength:
- Backups: Backups for major systems were promptly and readily available following the attack
- Proactive Communication: The City of Pensacola proactively communicated with the public, rather than failing to acknowledge the attack
- Proactive Protection: Out of an abundance of caution, the City of Pensacola chose to provide identity theft services to clients to protect them in the event of potential damage resulting from the attack
Opportunities for improvement:
- Staffing: Consider dedicated security staff
- Incident Response Plan: Consider developing a more robust Incident Response plan
- Security Assessments: Consider conducting regular assessments of the security posture of the City and addressing issues as they are discovered
Deloitte & Touche was hired by the City of Pensacola to assist with the investigation of the incident and to determine, to the extent possible, the initial compromise vector, the extent of the attack, and what internal data was exposed or stolen by the attackers. Deloitte & Touche was also asked to provide security observations and recommendations with the intent of improving the overall security of the environment and mitigating the risk of further cyberattacks.
The City of Pensacola will be evaluating the recommendations included in Deloitte & Touche's executive summary, along with additional security measures outlined in the full report, which will not be made public in order to maintain the city's network security (exempt from public records per Florida Statute 119.071(3)). Deloitte & Touche’s executive summary is available online at cityofpensacola.com.