In the wake of recent crippling cyberattacks like Texas towns’ ransomware scare and the Capital One invasive data breach, some states are taking action.
California’s cybersecurity voluntary task force is aimed at transforming municipalities’ approach to cybersecurity. First launched in 2015, the California Cybersecurity Integration Center (Cal-CSIC) was designed to bolster California’s readiness and response to destructive cyber-attacks, which increase the state’s vulnerability to economic disruption and critical privacy violations. The state’s Office of Emergency Services announced its search for a new director last week.
OES Director Mark Ghilarducci said their state was uniquely prepared to lead the charge in digital security and they seek to model their leadership for the rest of the country.
“Collaborative cyber-threat information sharing and mitigation is critical to the safety and security of our state," Ghilarducci said, "We are looking for a uniquely qualified individual to further the state’s leadership in this important area.”
Greg Martin, CEO of cybersecurity firm JASK and former hacker applauds California’s actions, urging states to follow suit, “it’s great what California is doing, with their cyber ‘national guard.’”
“I believe states have to step up to hackers, using federal and state tax money to spend more on cybersecurity education," Martin said. "If somebody sends a phishing email and any local workers fall prey, all the systems’ computer are connected, it’s incredibly difficult to regain control of the situation. Everyone needs to know basic security hygiene.”
He believes ransomware attacks like Texas’ hold-up will only become more frequent. New York, Louisiana, Maryland and Florida were also recently hit with Baltimore estimating the ransomware attack cost $18.2 million.
“Smaller cities and towns are vulnerable because they don’t have expensive cybersecurity and have low-budget IT systems, making them easy targets,” said Martin.
While more sophisticated systems of banks and hospitals have been hit in the past, the frequency of town attacks proves hackers prefer the easy, high-payoffs attacks of smaller communities.
The reformed hacker, who consulted for the FBI, Secret Service and NASA, says once a system has been ravaged by ransomware, there is little victims can do besides paying the ransom for the encrypted data. While the scammer will not have access to the data without user input, but often retrieving the highly-sensitive data is costly.
Martin recommends backing up data to reduce the severity of the attack.
“Making good backups of data like through a cloud like Microsoft or dropbox or generally backing up data and then restoring the backup after an attack can make the severity of hack much less.”
In addition to healthy cybersecurity hygiene and backing up data, Martin feels strongly cyber task forces can support smaller communities. One cost-free way towns can fortify their cybersecurity is innovative and often ignored, says Martin.
“Smaller municipalities will never be able to compete with Google or Facebook or bigger tech companies in defending themselves. Volunteerism is an overlooked way to address this problem,” he says, “There’s so much talent and big company workers could volunteer part-time to protect their communities and they’re just starting to rollout the response and cleanup.” He suggests these cybersecurity experts could volunteer even remotely, modeling California's group.
No matter the method, Martin stresses the importance of increasing cybersecurity preparation.