Welcome to this week’s Future of Security newsletter. Let’s get started.
Rio Arriba County, N.M., fell victim to a ransomware attack, which was first discovered two weeks ago. The incident encrypted network servers, electronic files, and databases. The extent of damage is under investigation. The affected servers, files and databases cannot be accessed, reviewed or edited. Officials discovered agencies had been victims of the cyberattack Tuesday and reported the intrusion to the county's insurance company and federal law enforcement authorities, according to the news release.
Criminal activity seems to be on the rise in the online world, while more traditional types of crime have dropped during the pandemic crisis. Many people are relying more heavily than before on online services for work, entertainment and shopping. This makes them more likely to become the targets of different types of online crimes. And the websites and online platforms that these Internet users access become more attractive targets to motivated hackers who aim to take them over and deface them.
Website defacement is the online equivalent of graffiti vandalism. It occurs when a hacker infiltrates a server on which a website is hosted and changes the content of the website with images and text of their own choosing.
Unlike more sophisticated forms of hacking, the act of website defacement does not require hackers to have highly sophisticated skills. In fact, several hacker typologies suggest that this form of online crime can be a stepping stone to involvement in more sophisticated hacking, as well as a way to gain a reputation in the hacking community.
In Georgia, a viral Facebook post falsely claiming new federal legislation would allow the government to forcibly remove people from their homes is an example of one of the many messaging challenges facing the state’s growing team of contact tracers.
The Department of Public Health wants to quadruple the number of tracers it employs in the weeks ahead, to upwards of 1,000, as it looks to contain the spread of COVID-19. It’s now embarking on a mini public relations campaign to explain to Georgians what contact tracing is — and clear up a bevy of misconceptions about the kind of information the state is collecting.
Winning the buy-in of the public is critical. Tracers’ jobs depend on people who test positive for COVID-19 to disclose sensitive information: their close contacts. The tracers then reach out to those contacts, urge them to isolate for 14 days and report their symptoms, which are fed into the state’s communicable disease tracking system.
Palo Alto Networks' 2020 JSAC Cybersecurity Summit gave viewers an insider's perspective on some of the challenges state government faces in the age of COVID-19.
North Dakota CIO Shawn Riley, one of the Tuesday panelists, shared the unprecedented operations his team has gone through to secure a rapidly changing government. "As COVID-19 became a very, very real pandemic for all of us, we all had to think really differently about how government is managed and how it's being delivered on a day-to-day basis," Riley said.
And his job is particularly delicate. North Dakota's recent reorganizations have given the Department of Information Technology an expanded responsibility to protect and deliver security policy to all public entities throughout the state. This means navigating new problems, including securing teleworking environments for people who have never worked from home before, he said.
"In a period of about four days, we moved 250,000 people out of their environments and into either a telework or a teleschool environment," he said. The entire executive branch was moved in about 48 hours, 65 percent of which had never worked remotely before, he added.
"We stood up a new education system for all of K-12 in four days' time; we stood up contact tracing in six days' time for the entire state; contact monitoring for the entire state; a new data system in 24 hours," he continued.