And based on what they've seen in early 2020, a similar warning has now been issued: that hackers show no signs of letting up and will likely focus on the 2020 election.
"What's more likely is that these cybercriminals will cause disruption," said Brett Callow, Emsisoft spokesman. "Because most elections operate at the county level, local governments need to prepare."
But because of this year's tense political climate, and overall spike in cyberattacks, Callow predicts cybercriminals will zero in on the election.
Kim Barton, supervisor of the Alachua County, Fla., Elections Office, says the department began to look at cybersecurity preventive security measures years ago, and officials work to keep up with the latest internet security updates.
"Cybersecurity is an always evolving field, so our office expects that we will continually be updating our training, procedures, and systems to keep ourselves as protected as possible," she said.
She said the office conducts ongoing training for employees to learn about possible threats, and how to respond in emergencies. She added that cyberexperts ensure sure their data and hardware software is up to date.
Three years ago, the Department of Homeland Security classified election processes as "critical infrastructure," placing them in a highly protected category of operations considered vital to keep the United States functioning.
Barton said the reclassification has allowed the office to work with cybersecurity experts from federal government agencies in the local elections office.
Three years after the reclassification, the Federal Bureau of Investigation says it's now receiving a record number of complaints about internet scams and crimes.
In a report published Tuesday, the FBI's Internet Crime Complaint Center says it received 467,361 complaints in 2019, the highest number since the center was created in 2000.
Florida ranked second in the nation among complaints per state, behind California, with a reported 27,178 calls to the crime center.
But the numbers only reflect the organizations that publicly report they've been attacked.
Callow gauges that 80-90% of organizations do not disclose that their systems have been infected with malware — or worse, ransomware — to authorities. The only reason Emsisoft becomes aware of them is when hackers publish the stolen data.
Local governments, health and education organizations are attacked at a rate of more than one per day, he said.
Last October, the city of Ocala fell prey to an email spear phishing scam, with over $740,000 of the city's funds transferred to a hacker group.
Officials recovered more than $717,000, and the city's insurance provider paid $19,000 of the balance. Total net loss was $5,000.
Callow stressed that local governments must focus attention and money on cybersecurity, something he says has been ignored for too long.
"Local governments are simply vulnerable and need to take steps to increase their security," he said.
Officials from Cyber Florida, a state-funded organization that aims to inform citizens about cybersecurity, are also urging local government leaders to get serious about ransomware.
The organization has held cybersecurity workshops and training for small businesses, and most recently, local governments in Tallahassee on Thursday.
Kate Whitaker, spokeswoman for Cyber Florida, said the overwhelming majority of smaller cities share a similar message with the organization: They're aware of the threat, but don't have the funds or resources to combat the looming issue.
She urged governments to find room in their budgets.
"It's always cheaper to prevent these things than to clean up later," she said.
©2020 The Gainesville Sun, Fla. Distributed by Tribune Content Agency, LLC.