As Cybersecurity Awareness Month draws to a close and All Hallows’ Eve nears, it’s time for one last thought. And it is, appropriately, a dark one – the “Dark Web”. It is the graveyard of the Internet, a maze of death-filled tombs and twisted conjurings that are giving average, everyday people access to some pretty scary technology. Unfortunately, a few disgruntled folks will take advantage of it in an attempt to make some quick cash, settle an old score or just create chaos at your agency’s expense. So how are State and Local Governments dealing with this real and growing threat?
Many are investing in industry-leading cybersecurity that is threat-centric and gives them deeper visibility across their entire network (learn more here). This gives them a real-time edge, enabling them to stop many attacks dead in their tracks. But many government agencies are doing nothing.
Ok, so maybe that’s you. You’ve read a lot of straight-forward, technical blogs on cybersecurity this month and the threats facing your agency. But they may have been a bit confusing or perhaps too technical for you to understand. So you’re still hesitant to pull the trigger on deploying a defense. You may be left thinking doing nothing is still a viable alternative. The old “ignoring it is easy and cheap. And maybe I’ll get lucky and nothing will happen on my watch” way of thinking. But that is very unlikely. Be warned – by not implementing a threat-centric defense, the option of trick or treat will be made for you.
One positive however, by not making a decision, you will get to use this pretty cool “Pick your Poison” press release I created for you. Just copy and paste and save for that fateful day:
***FOR USE IN CASE OF CYBER ATTACK ONLY***
It is my duty to inform the public, media, and other government agencies that on (insert date here) a cyber-attack, the first against our agency, was initiated. It was successful. Initial indications are that it was caused by (select method that applies):
- Wi-Fi spoofing which allowed the attackers to mimic our local, trusted WiFi signal and trap dozens of unsuspecting users into connecting and giving up passwords and critical data. This information was used to download sensitive files and disrupt internal communications. It appears to have been done by an individual with a pre-existing grudge against our leadership.
- Malware that was attached as a file in an email and sent to numerous members of our agency. One person opened the file and it immediately began spreading. Over the next few days and without our knowledge it was able to spread to public safety, transportation and utilities. The attack is ongoing and we are suffering significant electrical outages, loss of emergency communications and other severe strains on our resources. Recovery may take months and have significant impacts on budgets and our ability to serve the public.
- Insider theft where a person employed at our agency for over two years engaged in espionage. This was a relatively quick and easy attack method that involved the suspect inserting a thumb drive and activating a program to automatically send files and real-time data to a predetermined address by hiding it among other traffic. The targeted assets appear to be related to financial documents, private personnel records and sensitive inter-agency files.
- Sabotage in which a terminated employee had placed ransomware on our agency’s network that was activated after their dismissal. Unfortunately, despite paying the ransom, our agency’s files appear to be unrecoverable and we have no backup in place. The terminated employee also appears to have damaged network protocols. The full extent of that damage is still unknown and efforts to correct it have failed as we do not have the staff or internal resources to handle this scale of event.
Hopefully, you’ll never have to use this list and are taking a pro-active stance on cybersecurity. If not, I would suggest starting with solutions that could serve as a force multiplier instead of just adding more staff since experienced personnel are hard to find. Automation via advanced security tools and outsourced services is key, plus it can be scaled as your budget and needs demand.
So as Cybersecurity Awareness Month draws to a close and the ghost and goblins of cyberspace prepare their tricks, we encourage you to enjoy a treat instead by bookmarking year-long learning opportunities at Cybersecurity for Government and staying current on the latest threats and how to defend against them at Talos Intelligence.