Cybersecurity focuses on risk prevention and response

It only takes a fraction of a second for a school, health care center, municipality or others to be the victim of a cyberattack. It could take months or even years to recover, if at all.

Brittani Robbins, executive director of the chamber of commerce, and Matt Gore, an educational technology leader and former IT director for the borough and Wrangell School District, are working together to educate Alaska communities about the threats to cybersecurity and how to mitigate them. They are also advocating for strategic partnerships to develop disaster plans and reduce response times.

Robbins and Gore recently attended and presented at an Alaska Society of Technology and Education conference where a lack of security was illustrated by Peter Clay, a cybersecurity expert.

“Within one hour in Anchorage, he did a little test. He was able to infiltrate the courthouse right across the street,” Robbins said. “There was no malice, this was just to test to see where there were vulnerabilities. People’s home cameras, he was able to get into. There were all sorts of things within one hour, and he’s not even a hacker.”

The White House last Monday held a briefing, asking for privately owned and operated critical infrastructure companies to “shore up their defenses against potential cyberattacks.”

Deputy National Security Adviser Anne Neuberger said that, though there weren’t any indications of a major attack since the U.S. and its allies imposed economic sanctions on Russia, companies should be aware of the potential for such threats.

“There are cyberattacks that occur every day,” Neuberger said. “Hundreds of millions of dollars were paid in ransoms by U.S. companies just last year against criminal activity happening in the U.S. today.”

Among the various types of cyberattacks, the most common are malware (which can be viruses, spyware, worms or ransomware), phishing and password attacks.

In 2018, the Matanuska-Susitna Borough was the victim of a large malware attack. The attack took out financial records, the borough’s phone system and email, and even the ability to register kids for swimming lessons, all from one click.

“It took Mat-Su back to paper for six months,” Gore said. “One of their users clicked on a link” that led to their entire system being infected.

The damage ended up costing the borough more than $2 million. However, Gore said, it could have been worse if not for the partnerships Mat-Su had set up that allowed them to respond quickly, keeping the breach from getting worse.

In May 2021, the Alaska Department of Health and Social Services was hacked, Gore said. “This actually took out the immunization system that services all school districts in the state. It’s still not back online yet.”

Gore said secretaries in Wrangell and at Southeast Island School District, where he works, and around the state “have had to reinvent the wheel … because they haven’t been able to bring the portal back online yet.”

Robbins said the changing technological landscape has made it necessary for communities and organizations to be more vigilant when it comes to cybersecurity.

“The possibility of a hack is significantly higher now with the world becoming so technological,” Robbins said. “The technology is expanding quickly, but technology departments are being reduced because of finances. That becomes dangerous.”

Indeed, many IT departments in smaller operations are generally one person overseeing an organization’s entire computer inventory, connectivity and security. Such is the case with the Wrangell School District, where IT Director Bob Russell is in charge of the entire system.

Russell is tasked with keeping the network secure, which is made possible through a combination of antivirus software and other products. Students use either Google Chromebooks or Apple iPads.

“With the increased use of bandwidth, we keep all the emails with Google, and Google is very good at security,” Russell said. “That takes a lot (of pressure) off the school. Most places used to run their own email servers and that, of course, is prone to problems.”

If any of the devices used by students and staff became infected with a virus, Russell wiping the machines and resetting passwords would be time-consuming.

Robbins said the identity theft of a child is “30 times more problematic because a … 10-year-old gets their information stolen from a school district, those kids aren’t going to realize their identity was stolen until they’re adults.”

Because children don’t have credit scores, their information can be far more valuable to identity thieves, sold multiple times. Gore recommends that parents use a service that allows them to put a lock on a child’s credit until they come of age. Those types of services charge a fee, but the problems they prevent could be worth it.

Partnerships between agencies are also extremely important, Gore said, as shared resources allow offices to cut down on response times in case they are victims of an attack.

“During a cyber incident, the first moments are key,” he said. “Partnerships come together to make sure they’re prepared in an emergency. The response times tend to go down.”

Wrangell Borough Manager Jeff Good said the borough’s cybersecurity is managed through Seattle-based BlackPoint IT. “We recently had them in town to check our systems and we upgraded some of our servers with new firewalls.”

Though there are plenty of preventative measures organizations can take to defend themselves against cyberattacks, Russell said if somebody really wants to hack a system, there’s not a lot of people can do. Gore echoed that sentiment.

“There are two types of organizations: Those that have been breached and those who don’t know they’ve been breached,” Gore said.

 

Reader Comments(0)