Dutch municipalities easy prey for cyber attacks

Municipalities in the Netherlands do not provide cybersecurity training against cyber attacks and are therefore extremely vulnerable to them, ANP reported. Many of them also do not have their online security methods regularly checked. Those who do, commonly discover major security flaws.

This has emerged from the research of magazines Binnenlands Bestuur and AG Connect. They contacted representatives of 27 large, medium and small municipalities spread across the Netherlands. A full list of municipalities involved in the research was not provided but included the municipalities of Utrecht, Breda, and Leeuwarden.

The research stated that the small municipality of Zeewolde in Flevoland was a positive example of of a city taking an active role in combating cyber threats. According to the report, Zeewolde hired people to conduct simulated attacks on their security system. The municipality has also successfully prevented those attackers from gaining access to their network.

A common security gap that was encountered was not properly securing the workplaces in town halls. Research stated that most municipalities, including Zeewolde, failed to prevent people from strolling into their town halls and potentially gaining easy access to their system networks.

Cybercriminals have targeted several Dutch municipalities in recent years. Hof van Twente, in Overijssel, fell victim to a ransomware attack when a hacker obtained the weak password to access the gateway for the city’s systems. That password was “Welcome2020”, and though the city had access to a two-factor authentication method, it failed to implement it.

Twenty years of data was wiped out as a result. The damage was estimated to be between three and four million euros.

The municipality of Lochem was also hit by ransomware in 2015 and narrowly escaped a more recent attack in 2019.