With all the conversation around the cybersecurity incident relating to CrowdStrike, the City of Columbus has been battling its own cybersecurity incident separate from the worldwide one last week.

  Currently the city of Columbus is battling their own incident. In a statement from the mayor from Monday, is believed to be due to a malicious phishing email opened by a city employee. The abnormality was discovered by the Department of Technology and swift action was taken to contain and limit the expose, including the severing of internet connectivity to protect data from being exposed. This was to protect data and ensure that the threat does not spread further. This was then followed by the start of an investigation.

The city has stated that the employee payroll, and the emergency numbers remain functional, but are impacted. As the systems are shut down, employees must work on paper. No city employee can receive or send external emails. Personal information will have to be taken down on paper and sent on Gmail, separate from professional emails with policies in place, but as the other option was to shut down emergency services, this was the better option for the safety of the public.

 Along with that, the city’s building, zoning and development portal also appeared to be down on Wednesday morning, along with the police’s online report system. It also expanded some of the city’s online maps, showing exactly how far this has spread, beyond a simple email and one department.

The city outages are also hindering the Franklin County Municipal Court services, said by spokesperson Jodi Andes. Access to law enforcement databases is affected and notices to jurors, and the online access to juror questionnaire.

There are further hindrances to the people housed at the Franklin County Jail. On that point, some criminal matters have been affected due to the unavailability of some systems, but the court ensures that each case will be reviewed individually with the parties to ensure that there is fair treatment and any unnecessary loss of liberty for those impacted.

The officials are trying to determine what information may have been accessed due to the threat. They have not disclosed in detail what the threat was, as the investigation is still ongoing. Currently the running theory is still a ransomware attack started by a phishing email.

"The city has engaged law enforcement and cybersecurity experts to eradicate the threat, comply with applicable laws and limit further risk. If individuals are impacted, they will receive notification," the mayor's office said in a statement.

 In the most recent news, the department of Columbus City authorised to send employees home to work, although on a case-to-case basis. Everything that is occurring is on a job-by-job basis. The city HR department isn’t tracking how many people are working from home, as they anticipate the problem to be short-term.

 This is due to the issues of connecting to Wi-Fi at the workplace, as for some employees it is simply easier to be able to access the internet at home rather than using hotspots at work.

The city is prioritizing public safety, public health and public utility departments to be the first to be up and running in the next few days.

 Currently this is all believed to still be due to a ransomware attack, as an attacker would gain to benefit a lot from the amount of personal data they would be able to access from a city’s database. How much of the data was accessed the city is currently unable to say, it could be from nothing to massive amounts of personal information.

 If the theories are true of this being due to a malicious email, it is a warning to us all about how little it could take to take an entire city down. More than ever, training staff and ensuring they can recognise phishing email is important. As we can see, a simple email could be enough to take a city down, let alone a single organisation.

  As of right now, the FBI could get involved if evidence is found that this could have been hacking, but currently everything is up in the air relating to what was the cause and how severe it is. Hopes are that departments that are the most critical can get up and running within the next few days. Currently the next step is to thecomputer-aided dispatch system used by first responders – it had been working, but not as efficiently as was needed for law enforcement.