Ville de Westmount > News > Westmount optimizes the security of its IT systems
News 

Westmount optimizes the security of its IT systems

Cyberattack
On November 2022, the City of Westmount was the target of a cyberattack that paralyzed a large part of its IT system. The City immediately contracted a cybersecurity firm to remediate the attack, restore the systems securely, conduct a forensic investigation and provide recommendations to strengthen the City’s IT infrastructure. A complaint has also been filed with the Service de police de la Ville de Montréal (SPVM).

All the City’s IT systems were quickly and securely restored. The ransomware group, LockBit, claimed responsibility for the attack and threatened to leak the exfiltrated data on the dark web. However, despite the City’s refusal to contact the hackers, and constant monitoring of the dark web, our teams did not observe any data being published. An intrusion and attempted data extraction did take place, but there is no evidence that the extraction was successful or that the volume of data exfiltrated corresponds to that claimed by the hackers. The Information Technology (IT) Department and external experts hired by the City remain on the alert and continue to monitor the situation.

Strengthening the security of the City’s IT systems
Since the attack, measures have been taken to reinforce the City’s IT infrastructure and systems as part of a continuing improvement program. These measures include the acquisition and deployment of new equipment and tools to reduce the risk of intrusion and enhance network security. The City of Westmount has also signed an agreement with the Fédération québécoise des municipalités (FQM) to benefit from a cybersecurity monitoring, intervention, and remediation service. The agreement provides real-time monitoring of all city systems, 24 hours a day, 365 days a year. A review of authentication processes has also been carried out, and new processes have been put in place to mitigate the risks of intrusion.

Beyond technology, staff also play an important role in strengthening system security and protecting an organization’s data. To this end, the City reinforce its IT Department expertise by hiring a Information Systems Security Division Head. This new resource will be actively involved in assessing system vulnerabilities, carrying out penetration tests and security audits. In addition, an awareness program for at City employees will be carried out.  This program will aim to implement best practices in cyber security, strengthen the City’s resilience to cyber threats, and create a change in mindset and behavior regarding information security. Ultimately, this program is expected to contribute to employee buy-in and commitment to cybersecurity initiatives, reduce human error and mitigate security risks.

Cybersecurity: a shared responsibility, let’s all be vigilant!
In today’s interconnected world, organizations of all sizes and individuals are faced with ever-increasing cybersecurity threats. For this reason, cybersecurity awareness is crucial for protecting people, data privacy, safeguarding digital assets, internet security, and the fight against cybercrime. By staying informed and adopting best practices, individuals can help create a safer, more secure digital world for all. If you’d like to learn more and get tips on cybersecurity, visit the getcybersafe.ca national campaign website and the Government of Canada website at cyber.gc.ca.