Danvers – Cyber-attacks can occur anywhere in the world, but state experts brought the problem down to the local level on Thursday.
Speaking at North Shore Community’s College’s Danvers campus, Curtis Wood from Secretary of Technology Services and Security for the State emphasized the number of cases involving cyber-crime. “I will tell you at any given week, we see billions, billions of penetrations trying to get through our network. Billions cause it’s all automated. Billions. That’s a huge number. Think about that.”
Attackers, in Wood’s words, “bad guys,” could be anyone from overseas such as Russia, China, North Korea, or just kids in the basement in Chicago. Not only from the outside, but bad guys could also come from the inside, such as an angry employee. They have the key to everything, with the easiest effort to disable the most important infrastructures such as highways or water systems. From 2020 to 2022, average cybersecurity breach median cost has increased $0.49 million, and most ransomware attacks are for money, according to Major Joseph Blume. Organizations have to pay hackers to get the code to fix their systems, and selling information is very lucrative in this time.
Another fact that Blume brings up is that 44 percent of global ransomware attacks in 2020 targeted municipalities, which is why municipalities cannot ignore their cyber defense.
Defending attackers in the pre-incident stage is essential. Lieutenant Colonel Tim Hunt explains, “in a pre-incident stage where we can come in and assist that municipality and collaborate with their IT department that they have and kind of get them into a better position, a better cyber defensive posture.” When municipalities have a better cyber defense, they do not attract more attackers than before because they are not an easy target anymore.
National Guards can support municipal cyber defense through Mass National Guard (MA NG) to improve their pre-incident structures. There are a few pre-incidents assistance provided by MA NG, including plan review, assistance in creation of software or map of network, configuration review for critical devices such as firewall, threat modeling, network validation and vulnerability scan, full vulnerability assessment. This is a list from least intensive to most intensive, when during plan review, MA NG only needs to review a plan; during vulnerability assessment, the municipality must already have a network.
With several years in the cyber crimes unit, Lieutenant Detective Brian Gavioli shares his experience. A lot of cyber-attacks are not sophisticated and can be avoided. The State police provides training for cyber hygiene to the public, from how to tell phishing emails to password suggestions. Above that, state police do outreach to the community, and encourage people to call. There is also a 24/7 watch center for cyber incidents.
Sylvia Chen can be reached at [email protected]