By Margaret Jackson / NewsBreak Denver
(Denver, Colo.) The city could better protect itself from hackers if it managed third-party information technology vendors more comprehensively and centrally, according to an audit out this month.
“Every app, every online service, every digital tool the city uses has to be monitored for cybersecurity and cost control,” Denver Auditor Timothy O’Brien said. “Although city managers are very good at protecting the city, ensuring all possible safeguards are in place is essential to continued success.”
The public and private sectors rely more on web applications and data that vendors provide via the internet. O’Brien said reviews of third-party security safeguards should be conducted regularly.
The audit found that 31% of the 26 vendors tested since January 2021 had critical incidents, and the city did not attempt to collect restitution for disrupted services, including one vendor with 20 separate incidents.
“If the city never holds vendors accountable, then more vendors will test the limits of what they can get away with using taxpayer resources,” O’Brien said. “We identified only one case when a vendor reimbursed the city for failing to meet its objectives. However, this vendor self-reported to the city that it owed the penalties.