Disruptions, Disclosures, and Loss… Oh My
Cyber Safe Workforce has posted its semi-annual Cyber Roundups for the first half of 2018 for cities and counties, higher education, and K-12. Here’s what we’ve noticed: Disruptions were prevalent, particularly in cities and counties. Ransomware accounted for the majority of disruption stories across all three categories–eight of the twelve incidents. The others were caused by different malware, denial-of-service attacks, or a voluntary takedown of services due to third-party compromises.
Our old friend accidental disclosures also appeared. Employee mistakes included sensitive information discarded in a dumpster instead of shredded, misconfigured servers that exposed information to the internet, and replying to Freedom of Information Act requests with sensitive data. Information handling must be part of any security awareness program, and technical or procedural controls meant to prevent data disclosure should be applied where feasible.
There were fewer direct financial loss stories (at least in the stories we found and from what has been reported thus far). Perhaps the past few years of Business Email Compromise warnings have helped public entities avoid wire fraud and vendor payment scams. If you don’t already have a procedure in place to verify requests for payment or vendor banking changes in your Accounts Payable department, today would be a good day to implement one!
Read our Cyber Roundups here.
Utilize these stories as cautionary tales of what can happen when security of information and digital assets are not prioritized. And, in particular, note where security and awareness training may have changed the outcomes of many of these incidents.