Cybersecurity is something many of us don’t take seriously until there’s been a breach of some kind. But experts warn that the time to focus on prevention is before the bad actors attack. Jason Sgro of the Atom Group spends his days (and nights) investigating attacks and how to prevent them. He explains why cybersecurity is everybody’s responsibility with The State We’re In host Melanie Plenda.
The following content has been edited for length and clarity. Watch the full interview on NH PBS’s The State We’re In above.
Melanie Plenda: A recent University of Maryland study reported that there is an attempted cyber-attack every 39 seconds. How can that be? And why are most of us unaware of this?
Jason Sgro: You see statistics all the time – like we’ll block ten thousand attacks a day or there’s one attack every 39 seconds – and it really is a wide net scenario where these attackers are attacking in multiple ways. They attack multiple times, even faster than 39 seconds, and they’re really just looking for the one that gets through. That’s the burden that our information security professionals face: they have to operate flawlessly all the time, but an attacker only has to be right once.
Melanie Plenda: Do we know who’s behind these attacks? Can you walk us through some of the different types of cyber-attacks?
Jason Sgro: There’s really two kinds of attacks that the municipal governments are facing. The first is business email compromise, and that’s when an email username and/or password is lost either through a phishing email or is entered into a lookalike website; maybe the user mistakes it for a legitimate website. Then that account is monitored for a period of time, and eventually they’ll be asked to transfer funds or make an ACH transfer to a fraudulent organization. They’ll use the data that they find inside of that email to make that request look legitimate.
The second one this year is ransomware, and ransomware is when a threat actor or an organization detonates a virus essentially inside of the network of the city or town and then locks up their computer systems and their data. They then get extorted in two ways. The first way is to get their data back and decrypted. The second is to have the data not released publicly. A lot of these organizations are now exfiltrating the data during these attacks because they know that some of this data is personally identifiable, some of it is very sensitive, and if they threatened to release it publicly, there’s a high likelihood of payment.
Melanie Plenda: Interesting. Governments, businesses big and small, and individuals are all at risk, but what are some of the basic preventative measures we can take to ward off attackers?
Jason Sgro: The cyber vulnerabilities that we face have been around for a long time. There’s municipal governments operating in a lot of ways like the way it was five to seven years ago. If you can think about using a cell phone from five to seven years ago, that technology is rather antiquated, not only from the user perspective, but from the security perspective. Staying current with cybersecurity applications, as well as infrastructure, is really important.
There are two things that I really recommend. The first is making sure that we have a cyber security assessment done in all our organizations, and it doesn’t matter the organization size. We need to work with a valid party to understand where those vulnerabilities are, because one of the big issues is that leadership in these organizations can’t see the cyber threat. It’s a little nebulous, it’s very techie, so we want to make sure that we adequately see the threat so that we can mitigate it. The second is making sure that leadership is truly involved in the conversation. The involvement through all levels of our government and our governmental leaders with their insurance companies, with their cyber security folks, with their technology teams really needs to be active and visible in order to facilitate the conversations that are going to make us safe long-term.
Melanie Plenda: There are some that are concerned that hackers are trying to access voting machines. How worried should we be about that? Are there systems in place to prevent an election cyber attack?
Jason Sgro: Election cyber is definitely something that is being dealt with at the state, local, and federal levels. There are a lot of programs and a lot of professionals looking at this process and it really is on the towns to have good controls, a data flow, and make sure that we understand how best to protect ourselves. A lot of that work is ongoing, and so from the perspective of, should I be worried about the election results? It is absolutely a target, no doubt about it, but it’s also something that we’re really focused on, and I expect the protections to increase every time we do this. We are getting better at protecting electronic voting.
Melanie Plenda: When elections are targeted, is it the actual voting machines? Is it usually the town’s computer systems, the voter rolls? What is it typically that gets targeted?
Jason Sgro: It’s a wide variety of things, and the voting machines are actually one of the hardest to target. If we assume, and we do make this assumption, that a lot of criminal organizations choose the path of least resistance, then going after the town’s computing systems or the systems that allow us to transfer data across the networks is a bit of an easier target than actually targeting the voting machines. I worry a lot less about voting machines specifically, but I understand the burden placed on the towns to secure their networks, especially during key times.
Melanie Plenda: What is the one thing you’d like people to understand about the world of cybersecurity?
Jason Sgro: This really is a human privacy problem, it’s not a technology system problem. It’s not any one company that’s going to develop a software that is going to save the day. We have to come together as a community and we have to understand the types of threats that are out there. At our jobs and in our government organizations, we need to really understand our role in combating cyber threats. We do that by building resilience into ourselves and our lifestyle and understanding that technology is a huge part of our lives. It’s going to become an even bigger part of our lives, and that opens us up to certain types of crime. It’s not any different than rules like we don’t leave our keys in our car, or leave our doors unlocked and wide open, because we perceive those threats. The digital world has much the same threat profile, and we need to become aware of that and realize that if we don’t participate as individuals, no one is going to do the job for us.
These articles are being shared by partners in The Granite State News Collaborative. For more information visit collaborativenh.org.