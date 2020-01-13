In 2019, the enemy targeted and claimed more victims across the United States than ever before. In a series of rapid-fire attacks, the enemy successfully infiltrated Northport Medical Center in Alabama; Jasper County in South Carolina; Cherry Hill School District in New Jersey; and hundreds of other local governments, small businesses, and county hospitals.
Unfortunately, our cyber enemies are getting good and their recent successful attempts have only left them planning their next attacks. As their skills continue to grow and the complexity of their attacks continue to increase, it leaves one asking — how long before an Iowa city or county falls victim?
Surely cybercriminals wouldn’t target Iowa, would they? Unfortunately, they would and already have. In fact, it wasn’t all that long ago when Waverly Medical Center in Bremer County was crippled by ransomware.
During my time as U.S. Attorney for the Southern District of Iowa, I saw first-hand how ransomware and malware attacks can plague a state at all levels. As the acting attorney general of the United States in 2018, I witnessed the evolution of cyber-crime methodology, the advanced frequency and the increased sophistication of malicious coding.
As these cyber threats continue to grow and security measures continue to fall short, the question we should be asking is not if these criminals will attack, but when. We should be considering if Black Hawk County is prepared. Fortunately, there are steps the county’s local governments can take to minimize the risk of becoming a victim to cyber-crime.
First, users and IT directors should analyze the existing antivirus program being used. Often times, security solution providers use a reactive approach to security. Meaning, the software will only block known bad files, permitting all other unknown files to install. Then, if one of the unknown files happens to be bad, they will work to remove it if possible. Based on industry research, this approach is no longer feasible and should not be utilized. This is why the National Institutes of Standards and Technology, the FBI, and NSA have all encouraged the use of application whitelisting. By using a whitelist, the device will only be allowed to run known, trusted programs. This means, even if the enemy found a way to worm their way into the server or computer, they couldn’t install anything malicious, because only good programs and files can run.
Second, users need to ensure their operating system and all of their third-party applications are up to date. If they are outdated, security holes are being left unpatched. Therefore, users are leaving the backdoor wide open for cyber criminals.
Third is education. Knowing what today’s cyber threats are and the red flags to spot them will help decrease the likelihood of unintentionally downloading a malicious attachment or clicking on a malicious link.
The fourth suggestion is practicing proper password hygiene. This includes using complex passwords, including capital and lower-case letters, numbers and special characters. Additionally, passwords should never be used across multiple accounts and should be updated every six weeks.
The fifth and final thing is backing up files. Storing data on an external hard drive or cloud-based network will help with the restoration process if a cyber-attack were to corrupt systems. If the backup of choice is an external hard drive, it is important to unplug the hard drive from the device once the backup process is completed. If users fail to do so, there is a risk of the backup files too becoming infected if a cyber-attack were to execute.
Cyber threats are evolving daily, and unfortunately there is no silver bullet. However, if Black Hawk County government offices implement these five suggestions, the risk of falling victim is minimal at best.
We all have a role to play regarding cyber security. Please reach out to your local government offices and urge them to begin using these five cyber security tips identified above. Afterall, they possess your personal information too, and you have the right to know it is being kept secure.
Matt Whitaker is PC Matic outside general counsel and former U.S. Acting Attorney General.