Cyber security was on the agenda at the 2016 Technology Education Conference, held on April 7 by the New Jersey Government Information Sciences (NJ-GMIS) organization, an association of government IT leaders.
One of the presenters was Brian Rexroad, executive director of threat analytics at AT&T, who spoke about how municipal and county IT managers can combat cyber attacks.
The talk, called “Tracking Cyber-threats — What Government Agencies Need to Know,” was one of a number of presentations offered to the attendees, who came to The Palace at Somerset Park to network and learn. Also at the event were a number of vendors who sell to the New Jersey government market.
Here are some of the cyber-security issues Rexroad discussed that should be of concern to municipal and county IT leaders:
- The internet of insecure things. A lot of low-cost devices are being added to networks now. Their manufacturers have “done almost nothing” to make these devices secure. Some even have backdoors built into them deliberately, making them ripe for hacking.
- Lifecycle support. If systems aren’t being supported throughout their lifecycles, they are vulnerable. Just because a system has been there for a long time without giving you any trouble doesn’t mean it’s secure. Hackers are always probing old devices and software for vulnerabilities. Also, the manner in which systems are used isn’t static, and new types of data could be going into them.
- Analysis of activity is necessary before an attack. If you wait until after you’ve been attacked to start analyzing information, you may mistakenly identify normal activity as an attack.
- Get the authority beforehand to act quickly once you spot an attack. Many state and municipal government employees have to wait for approvals before they can make a move. Getting this authority involves educating those up the chain, as they’ll have to understand what you’re up against and why moving quickly is essential.
- Automation is your friend. Along that same line, organizations should strive to automate the identification and detection of anomalies, so they can be remedied faster.
- Learn from attacks. “Don’t wait for your own incidents to learn from them. Try to learn from other incidents, as well. Many have been published and can be studied.”
- Everyone has a role to play in maintaining security. Have regular programs in place to educate everyone in the organization. All employees should at the very least be able to examine an email and figure out if they should open the attachment.
- Use encryption, but use it carefully and purposefully. “I see encryption where it is of little value.” In a data center, encrypting disk devices is of little value, as there’s already security around the data center. However, it would be worthwhile to encrypt laptops that are floating around.
- Prepare for mass destruction. Right now “ransomware” attacks are the worst case scenario. In these attacks, hackers encrypt everything on your computers and anything attached to them, and then demand ransom in exchange for restoring the computers to you. To prepare for this, make safe and secure backups of all data. As attached devices can also be encrypted by the ransomware hackers, keep multiple offline backups of systems. If you are affected by ransomware, take your computer off the network right away, so you can stop the spread. Also educate your people, so if someone in the organization gets a ransomware prompt from the hackers, he’ll know whom to contact. Finally, have a plan on how the restoration process will work and what the priorities are. “You aren’t going to be able to restore all of this at once.”