Earlier this week, one of our teammates sent me an article late in the day to read from our local NBC affiliate entitled “Over thirty Arkansas counties impacted by cyber-attack”. The very next morning, I was in a meeting discussing this very topic.
As I read the article, it was apparent that the issue wasn’t the counties themselves but rather the hosting solution – Apprentice Information Services (AIS). And the symptoms seemed to indicate ransomware.
While continuing to research the issue, I came across an article that tells me that we still have a very, very long way to go in educating the general public. A statement was made by a county official saying: “There’s nothing to ransom from public record,” You see, that’s simply not accurate.
Yes, ransomware has evolved into threatening to release the information as part of the ransom for extorsion and that isn’t something this county would be at risk of. But what they are at risk of is exactly what they’re currently dealing with – their system is down, and AIS appears to not have the tools in place to recover quickly.
And then, those same officials make statements like: “…it even impacts payroll.” and “assured everyone that the hack did not impact elections.”
I could write an article with thousands of words trying to educate on these statements, but I won’t. Instead, I’ll focus on the basics:
· Assure that your systems are fully recoverable and that it’s tested regularly
· Enable 2FA everywhere without exception
· Ensure you have next-generation endpoint detection in place
· Ensure you have next-generation perimeter protection in place
· Partner with a Technology Coach that implements World-Class IT solutions
· Avoid “absolute” statements in the PR. The truth is, unless you know, you don’t
Hacks are occurring daily. The days of “DIY” technology or cutting corners are over.