Atlanta was warned about vulnerabilities months before cyberattack, audit shows

Atlanta hit with ransomware attack

ATLANTA -- Atlanta was warned months before a recent cyberattack that its IT systems could easily come under attack if they weren't fixed immediately, an internal audit obtained by the CBS affiliate WGCL-TV shows. In the 41-page audit, which was presented to city leaders last summer, the city was told that its IT department was on life support and that were no formal processes to manage risk, WGCL-TV reports.

The document states, "the large number of severe and critical vulnerabilities identified has existed for so long the organizations responsible have essentially become complacent and no longer take action." 

The audit also said "departments tasked with dealing with the thousands of vulnerabilities ... do not have enough time or tools to properly analyze and treat the systems."

"This situation represents a significant level of preventable risk exposure to the city," the audit said.

The city auditor said a department typically responds with a plan of action within weeks, but it took the city's IT department months to respond.  

"One of the audit findings was: they need more resources," City Auditor Amanda Noble said.

"The people that are working in the department now, and have been working very hard, are just busy putting out fires," she said.

Atlanta computers held hostage in cyberattack

Noble said the city had been implementing security features when the cyberattack unfolded last week.

"There were some vulnerabilities that had been identified for a while in the previous administration, definitely, that they were still working to fix," Noble said.

She also said threats increased tremendously over the last year, and that those threats are fluid and often hard to keep up with. 

Officials were still trying to recover this week, days after the ransomware attack crippled the city's computer network and blocked access to electronic records. Investigators including the Federal Bureau of Investigation are working to figure out the identity of the culprits, who demanded the equivalent of about $51,000 in bitcoin to unlock the shuttered systems.

The use of ransomware, which lets hackers seize control of computers belonging to individuals, businesses and local governments, has been on the rise in recent years.