Hackers and scammers are everywhere these days.

Spoofed phone calls bombard most of us daily. Emails are continually landing in our inboxes with misleading links and dangerous files attached.

Security breaches at major companies have probably put some amount of your personal information in the hands of data thieves.

We often think of hackers as targeting individuals, or in the case of hacked databases, information about large numbers of individuals.

But new reporting from the New York Times has shed some light on a surprising target that’s becoming a favorite of hackers around the globe: city governments.

Hackers are trying and sometimes succeeding in infiltrating city government computers, stealing cities’ data and often holding it for exorbitant ransoms. Right now, 22 towns in Texas had their data taken and held for millions in ransom by a “single threat actor,” according to the Times.

Hackers target small towns as well as big cities such as Atlanta and Baltimore, but small towns are the biggest target. Small towns are more likely to have weak cyber-defenses, according to the reporting.

Unfortunately for many cities that get hacked, the best option in a terrible situation is to pay the ransom and get their data back. Because local governments are so reliant on databases and computer systems, losing the information on which they run is akin to a natural disaster blowing away half the town.

We need a wake-up call for all city and county governments here in central Kentucky. Leaders shouldn’t fall into the trap of thinking they’re too small to attract the attention of hackers. The small size of many Kentucky towns might make them prime targets. A successful hack could devastate city services or even the local tax rates if a big payout is required to restore everything.

We also shouldn’t be lulled into thinking this is a fad that will fade, or that security improvements will eventually lead to the demise of these hackers. Internet security has been and always will be a never-ending arms race. As soon as someone develops new security measures that stop the old threats, the stymied hackers will begin developing new tricks and finding new vulnerabilities.

Kentucky cities should assume they are already the target of these malicious actors. They must make sure they are doing everything they can to be proactive.

Employees must be trained to identify scam emails. IT professionals must be hired to create secure systems that are difficult to attack. Data must be backed up in multiple ways and at locations hackers can’t reach. And cities must develop plans of action for what to do if and when the worst occurs so that their reactions are logical and effective, not knee-jerk.