4 minute read
Managing Risk Cyberattack: Not IF but WHEN Will Your Agency Be Ready?
Municipalities and special districts are key targets for cyberattacks, making it critical for agencies to understand their vulnerabilities and assess their networks to reduce the likelihood of a cyberattack. The complexity of knowledge required to stay one step ahead of bad actors is ever evolving. Corey Kaufman, General Manager of Accent Computer Solutions, a VC3 Company, provided attendees at the Special District Risk Management Authority (SDRMA) Spring Education Day 2023 event education and resources on this important topic. In 2022 the DOJ Crime report cited $10.3B in losses, and receives approximately 651,800 complaints annually. Municipalities and special districts are the largest target, with 44% of attacks taking place in municipalities. Of these, 70% are phishing for login credentials and 90% originate in email systems.
Technology changes rapidly. Public agencies adapt slowly to the heightened actions required to prepare for cyberattacks, and to create response and recovery plans. In 2005, the landscape for cybersecurity was simple. Back then, if an agency implemented a password protocol, a firewall, basic antivirus software, and backed up their data it was generally considered sufficient to cover the threat level.
Today, that list has expanded to include a many vulnerabilities and corresponding protections. “These steps don’t necessarily mean you will never have an attack,” cautioned Kaufman. “What it means is that you’ll be prepared.”
Agencies have threat exposure from their activities, as well as from their employees’ personal activities. Each person with an online presence, including email, social media, profiles for smart homes, banking, etc., poses a risk. Employee online presence opens the workplace to vulnerability they unknowingly bring to work. The internet and social connectivity aren’t going away, and an employer cannot ask an employee to live life offline. To combat the inherent risk posed by engaging in the digital world, agencies must proactively plan for threat detection.
Prevention: Public agencies work with strained budgets, and while some cybersecurity practices can be costly and require a full budget process to implement, there are low cost best practices that public agencies can take immediately. One necessary component is training employees to identify email phishing. More broadly, building a culture of cyber awareness will result in a wide spectrum of watchfulness, thus increasing the likelihood of identifying and repelling attacks. Networked email systems such as Microsoft Office or Gmail should be checked by the network administrator to ensure the function “allow auto forwarding” is disabled. These systems should also have multifactor authentication activated. In both instances, the IT administrator has access to the fields to simply uncheck the default settings; thus, enabling both of these cyber protections to cover the agency’s entire networked environment.
Regularly installing software updates is also critical to agency cyber protection. Municipalities have been known to be as many as ten years behind in software versions! This leads networks that are vulnerable to attack. There are two general types of updates to be aware of: Desktop and server updates require a manager, or a team, to make sure they are being pushed regularly for existing applications; and the Server Operating Systems require upgrades as they approach their end of life. For example, Server 2012 is going ‘end of life’ in October 2023. The server upgrade expense needs to be budgeted for well in advance; without the update, the agency risks being exposed to significant vulnerabilities. Notably, employees using personal devices can also pose a risk to the agency. Mobile smart phones and laptops need to be considered for threat detection. It is recommended that employees not be allowed to use personal devices for work, thus keeping employee activity in the networked environment and under the control and security umbrella of the IT administrator.
Detection: What happens when a “bad actor” gets into your networked environment? While many believe the system will alert them to the trespasser’s presence; in reality, such invaders often “dwell” in the environment for weeks before being detected, scanning for data to determine which information will be most lucrative. To avoid this, threat detection measures are critical to deploy.
“Agencies must realize that the prolific nature of the ongoing threat of cyberattack should equates to a ‘not if, when’ mentality toward protection,” said Kaufman.
Threat detection can include scanning the network internally for vulnerable data or access once a trespasser is inside, and external scanning to understand the systems’ visibility. Dark web monitors can detect data being sold on the digital black market. Passwords and data sets are always on sale on the dark web!
Kaufman advised, “To reduce the likelihood of a password breach, employees should not be saving passwords on browsers, and should use approved password protocols such as longer, more complex passwords.”
Response / Recovery: It is critical that the network has a separated data backup that is regularly monitored, updated and tested. To ensure it is not included in a breach, the data backup must not be connected to the network. Agencies should have a written response plan for cyberattacks to identify the first responders, critical steps, and timeline of response to isolate the breach from the rest of the system.
Cyber insurance is an important tool that may provide subject matter experts for response to a cyberattack, including some policies that provide forensic teams that may offset the cost of an attack and soften the financial impact. SDRMA’s Cyber Risk Advisory division advises anyone who believes they’ve been the victim of a cyberattack, data breach or ransomware demand to immediately report it to your insurance carrier as well as the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov.
Steady as you go.
When your team and ours all pull together, you get the sure-footed stability you need to proceed with confidence. As an extension of your staff, we are always at the sidelines delivering service and expertise. For everything from Workers’ Compensation and Property/Liability coverages to Health Benefits options available throughout California, we are here to keep you going strong. For more information, visit sdrma.org.
