Are you Cyber Secure?

Kent English, Director of IT at Doña Ana County

The Threat

Like professionals in any other field, cybercriminals are constantly perfecting their craft and collaborating with each other to create new methods of penetration and infiltration. The financial motivation alone is enough to keep them working around the clock for a potential payoff of millions of dollars for just one successful hack. Some of these criminal groups are funded by nation-states, which provide them with unlimited resources and advanced tools. Although many next-generation network devices have implemented artificial intelligence features to help detect and defend against security breaches, cybercriminals are also utilizing the same technology to architect their attacks.

The Target

Government entities have become high-value targets for these organizations. Just this year, data was stolen from the US Marshals Service, the Minneapolis Public Schools, and the City of Dallas, to name a few. After the systems are compromised, the criminals typically encrypt the data and ask for a large ransom to provide the key to unlock it. Sometimes, they will threaten to release sensitive information to the ‘Dark Web.’ Obviously, paying the ransom is no guarantee that the data will be unlocked. Many, if not all, organizations have cyber insurance, which will help with the costs associated with an attack. Insurers can also provide resources to assist with incident management and response.

The Weakness

Like a chain, your infrastructure and organization are only as strong as their weakest link. Cybercriminals are always looking for a weakness that will provide an entry into your systems. It could be an old device that has surpassed the manufacturer’s end of life (EOL) and is no longer supported, or a system that has not received current security patches or firmware updates. Often, it’s the employees who are targeted to provide a gateway inside your company. The criminals use methods like phishing emails, texts, and phone calls to try to compromise an individual. Using information shared on personal and professional social networks, they can easily target specific interests, emotions, and curiosities.

The Deployment

Once a weakness has been identified, the cybercriminals will attempt to deploy a package that will enable access to the system. The package may be hidden in an attached document or picture, or delivered in a link to a webpage. Clicking on the link or opening the attachment can allow a program to be installed, providing remote access. Once a system has been compromised, the attackers can use other tools to obtain elevated privileges and access adjacent systems and storage. This is usually a slow, gradual process to avoid detection and give them time to infiltrate as many systems as possible. Once the access is in place, the criminals may wait until a critical time for the company to deploy ransomware and encrypt the data. Coordinating an attack with end-of-quarter or end-of-year processing, a product or partnership announcement, or a company merger can increase the urgency to resolve the situation and pay any ransom.

The Defense

The first line of defense is to identify and remediate any system and network vulnerabilities. There are many tools and services available that can help with penetration testing to analyze your current environment and report all potential issues found. Addressing critical items quickly will greatly improve your security posture and reduce the overall risk. You should have a hardware refresh policy to ensure that any equipment approaching end of life (EOL) or end of support (EOS) is addressed early. All systems should be on a patch schedule for applying the latest security patches and firmware. Security policies should address attached documents containing macros, and endpoint protection should be current. For employees, make sure password policies require more complex words or phrases and that they lock their workstations when away from their desks. Everyone can benefit from occasional safety reminders, and regular cybersecurity training is a must, especially around the holidays.
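
The refresh policy and patch schedule described above can be checked against an asset inventory. The following is an added example, not part of the original article: the host names, dates, 365-day refresh lead time, 30-day patch interval, and severity weights are all assumptions chosen for illustration.

```python
from datetime import date, timedelta

# Constructed sample inventory (hypothetical hosts and dates).
INVENTORY = [
    {"host": "fw-edge-01", "eol": date(2022, 6, 30), "eos": date(2023, 12, 31),
     "last_patched": date(2023, 11, 20)},
    {"host": "sw-core-02", "eol": date(2024, 9, 30), "eos": date(2027, 9, 30),
     "last_patched": date(2024, 1, 5)},
    {"host": "app-srv-03", "eol": date(2030, 1, 1), "eos": date(2032, 1, 1),
     "last_patched": date(2023, 10, 1)},
    {"host": "hr-ws-04", "eol": None, "eos": None,
     "last_patched": date(2024, 1, 10)},
    {"host": "db-srv-05", "eol": date(2029, 1, 1), "eos": date(2031, 1, 1),
     "last_patched": date(2024, 1, 2)},
]

REFRESH_LEAD = timedelta(days=365)   # assumption: plan replacement a year ahead
PATCH_INTERVAL = timedelta(days=30)  # assumption: monthly patch schedule
# Assumed weights: past EOS ranks highest because no security fixes remain.
PAST_WEIGHT = {"eol": 2, "eos": 3}

def assess(asset, today):
    """Return (score, findings) for one asset as of the given date."""
    score, findings = 0, []
    for key in ("eol", "eos"):
        when = asset.get(key)
        if when is None:
            # An unknown lifecycle date is itself a gap in the inventory.
            score, findings = score + 1, findings + [f"{key.upper()} date unknown"]
        elif when <= today:
            score, findings = score + PAST_WEIGHT[key], findings + [f"past {key.upper()}"]
        elif when - today <= REFRESH_LEAD:
            score, findings = score + 1, findings + [f"{key.upper()} within refresh window"]
    patched = asset.get("last_patched")
    if patched is None or today - patched > PATCH_INTERVAL:
        score, findings = score + 2, findings + ["patch overdue"]
    return score, findings

def triage(inventory, today):
    """List (host, score, findings) for assets with findings, worst first."""
    rows = [(a["host"], *assess(a, today)) for a in inventory]
    return sorted((r for r in rows if r[2]), key=lambda r: -r[1])

if __name__ == "__main__":
    for host, score, findings in triage(INVENTORY, date(2024, 1, 15)):
        print(f"{host:12} score={score}  {', '.join(findings)}")
```

Assets with no findings are left out of the report, and missing lifecycle dates are flagged rather than treated as healthy.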
