Cyber threats are growing, and the cost associated with them continues to rise.
In the last six weeks alone, cyber criminals have successfully infiltrated local governments in the city of Laredo, TX; city of Edcouch, TX; city of Riviera Beach, FL; city of Key Biscayne, FL; city of Lake City, FL; Fayette County, OH; city of Baltimore, MD; and Luzerne County, PA.
Of those attacks, Baltimore has confirmed damages of over $18 million, Riviera Beach paid the hackers $600,000, and Lake City also made a $460,000 bitcoin payment to the hackers in an attempt to get their files back.
Our cyber enemies are getting good – really good. And what’s even scarier is that their recent successful attempts have left them hungrier for more.
How long will it be before South Carolinian cities and counties become the next victim?
Afterall, it wasn’t all that long ago when the South Carolina Department of Revenue struck by a data breach that compromised the financial and personal data of millions of residents. And while they didn’t end up paying a ransom, our state still suffered severe financial costs—an estimated $14 million.
As cyber threats grow and security measures continue to be lackluster, it is not a matter of if, but when. The enemy is going to attack our local government, and it is unclear how ready they are. Fortunately, there are steps Dorchester County’s local governments can take to minimize the risk of becoming a victim to cyber-crime.
First, users need to ensure their operating system and all of their third-party applications are up to date. If they are outdated, security holes are being left unpatched. Therefore, users are leaving the backdoor wide open for cyber criminals.
Second is analyzing your current antivirus program. Often times, security solution providers use a reactive approach to security. Meaning, the software will only block known bad files, permitting all other unknown files to install.
Then, if one of the unknown files happens to be bad, they will work to remove it – if possible. Based on industry research, this approach is no longer feasible.
This is why the US-CERT, FBI, and NSA have all encouraged the use of application whitelisting. By using a whitelist, the device will only be allowed to run known, trusted programs.
This means, even if the enemy found a way to worm their way into the server or computer, they couldn’t install anything malicious, because only good programs and files can run.
Third is education. Knowing what today’s cyber threats are, and the red flags to spot them will help decrease the likelihood of unintentionally downloading a malicious attachment or clicking on a malicious link.
The fourth suggestion is practicing proper password hygiene. This includes using complex passwords, including capital and lower-case letters, numbers and special characters. These passwords should also not be written down.
Alternatively, users can utilize a password vault to manage and protect all of their passwords for each account. Passwords should also not be used across multiple accounts, personal or professional. Additionally, users need to update their passwords every six weeks.
The fifth and final thing is, backing up files. Storing data on an external hard drive or cloud-based network will help with the restoration process if a cyber-attack were to corrupt systems.
If the backup of choice is an external hard drive, it is important to unplug the hard drive from the device once the backup process is completed. If users fail to do so, there is a risk of the backup files too becoming infected if a cyber-attack were to execute.
The reality is, cyber threats are evolving daily, and unfortunately there is no silver bullet. However, if government offices are implementing these five suggestions, the risk of falling victim is minimal at best.
The reality is, everyone has a part in helping South Carolina lead our nation in the cyberwar. Rather than waiting for the next cyber-attack to happen, we must take action, and reach out to our local government offices to urge them to begin using these five cyber security tips identified above.
Afterall, they possess your personal information too, and you have the right to know it is being kept secure.