Cybersecurity Insights From Connect

A recent security report noted cyberattacks on state and local governments are up 50% in the last three years. In addition, extended work from home has increased cybersecurity risks. As Lynn Moore, Tyler’s president & CEO noted during the Opening Session, “Cybersecurity is a key component of a modern GovTech Stack.”

Below are a few top insights from two dynamic cybersecurity sessions to help governments navigate the rapidly evolving cyberthreat landscape.

Remaining Diligent in Cyberspace

Assistant Special Agent in Charge Matt O’Neill, a special agent with the U.S. Secret Service (USSS) Office of Investigations, shared invaluable cybercrime insight with Connect attendees. The current reality of cybercrime is that it's a real threat against all aspects of our lives from businesses to families to individuals. “Simply stated,” said O’Neill, “everyone is a target.”

Threats come from both nation-states and from financially motivated cybercriminals. Luckily, the USSS is working hard to combat these threats, and there are actions we can all take to stay diligent and mitigate risk. “The USSS strategy is to go after the bad actors in every way that we can,” O’Neill said. One of the key ways to defend against attacks is to understand current trends that come from daily engagements with strategic national and international partners.

Of note:

• 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
• 51% of breaches included malware.
• Nearly 50% of all fraud losses in 2020 were related to business email compromise.
• Those business email compromises represent more than $26 billion in losses for 8,800 victims (double the victims from 2019).
• Ransomware infecting a system through phishing emails increased 109% in the last two years.
• The damage from ransomware attacks is predicted to rise to $11.5 billion.
• Detection is key: the Financial Fraud Kill Chain can only be initiated up to 72 hours after an attack to attempt to stop money transfer.

To combat these risks, O’Neill pointed to education. “Ultimately,” he noted, “it comes down to the human factor and educating employees” on risk and smart practices. Educating C-suite or government leadership is important as well, to encourage employees to challenge suspicious requests. “Making assumptions makes your sector vulnerable.”

To prevent business email compromises, O’Neill suggested examining auto-forwarding and auto-deleting rules in government systems along with putting dual controls in place to ensure that no one person can affect large wire transfers. He also recommended pre-event planning with tabletop exercise, stressing the importance of “knowing what to do before it happens.” Finally, organizations should consider joining InfraGard and local cyberfraud task forces.

Evaluate Your Cybersecurity Readiness

Use this questionnaire to determine your organization’s cybersecurity posture.

“If you have data that’s valuable, you are a target of ransomware,” O’Neill stated. To combat ransomware, he suggested the following:

• Have disaster recovery and business continuity plans
• Use two-factor authentication for account logins
• Enable password timeouts to prevent brute force attacks
• Use the principle of least privilege for user-access permissions
• Train employees to recognize phishing emails

“Cyber is a team sport,” O’Neill said. Ultimately, businesses and governments can help by engaging in collaboration and smart practices. In the end, said O’Neill, “prevention is cheaper than recovery.”

Vigilance Starts With You

Dan Lohrmann, chief security officer and chief strategist at Security Mentor, Inc., senior fellow at the Center for Digital Government, and cybersecurity advisor to the public and private sectors for more than 30 years, imparted practical, actionable information to attendees to help them stay cyberaware and cybersecure.

Lohrmann provided tips on how attendees can protect their data in a world of new cyberthreats and make life more secure online. This is especially important as the coronavirus pandemic accelerated virtual and online engagements and work, increasing the threat environment.

Regarding the pervasive threat of ransomware, Lohrmann asked attendees to consider whether or not they had good backups, and if those backups were regularly tested. In addition, he urged attendees to take stock of their cybersecurity exercises as well as the participants. Employees in all areas should be involved and should be able to answer, “Are you prepared if you get hit?” In addition, it’s important to understand the nuance of cyber insurance policies in the event that insurance is needed.

“More and more, our lives are surrounded by devices,” Lohrmann noted, in describing the vast IoT (internet of things) landscape and how attendees should think about securing everything connected with a sensor, chip, or IP address from smartphones and tablets to cars, homes, and even cities. To put the risk of an interconnected world into perspective, “an average of 70 million smartphones are lost on average each year,” Lohrmann said, “with only 7% recovered.” He also noted 80% of the cost of the losses from lost laptops are due to data breaches, and 52% of devices are stolen from offices and workplaces.

The point, Lohrmann explained, is that “the data on the device is worth so much more than the device.” And, regardless of device, what matters is how you protect it and the strength of that security. Among Lohrmann’s tips for securing IoT devices were the following:

• Activate available security
• Change default passwords
• Don’t reuse passwords
• Use separate home Wi-Fi networks for smart devices
• Update to the latest firmware/software and use updated patches
• Turn on appropriate privacy
• Do your homework: is the cheapest device the best?

Drilling down to the challenges of business and personal data together, useful tips included encrypting data both in transit and at rest, along with regular data backups. In addition, using two-factor authentication for email and social media is important, though three out of four people in the U.S. currently do not take advantage of this free preventative measure. Finally, for organizations, the most important component of security awareness is to “train and train again,” with frequent, focused, and relevant sessions.

As a parting thought, Lohrmann implored attendees to stay informed and be lifelong learners. “We need to be thinking constantly,” he noted, about the people, processes, and technology behind effective cybersecurity.