Protecting Yourself from Cyberattacks at 2019 Summer #MACoCon

Attendees to the 2019 MACo Summer Conference learned how they can protect their county’s valuable data against cyberattacks and ransomware at the “Held Hostage: Protecting Your Data from Cyberattacks” panel on August 14.

Center for Internet Security Program Specialist Kyle Bryans stressed that organizations need to treat cyberattacks as a business problem and not exclusively as an information technology problem. Bryans described the threat posed by the info stealer malware program Emotet. Emotet can alter its form to bypass defenses and drop both ransomware and banking trojans (programs that mimic an online bank login) into a compromised system. Bryans also discussed business email compromise scams, third party data breaches, and out of date software.

Montgomery County Enterprise Information Security Official Keith Young highlighted what Montgomery County has experienced and how the County has responded. Young noted that all organizations are constantly under attack (the County sees 2.5-2.6 million attacks daily). Young stressed that breaches will happen, and you need to have policies in place to minimize the damage. Effective protections include: (1) cyber hygiene; (2) two factor authentication; (3) cyber incident response exercises and plans; (4) user training; and (5) risk management, including cyber liability insurance.

Skyline Technologies Public Safety Solutions Director John Contestabile stressed that you need to have the right policies in place to implement a sound cybersecurity policy. You need to know all of your ports/inputs into your systems and be prepared to respond quickly. Contestabile noted you can handle some of your cybersecurity maintenance through automated responses.

Maryland Chief Information Security Officer John Evans described “leakware” or “doxware” where someone steals valuable information and threatens to post it publicly. Evans noted that most people think that ransomware is just about accessibility but usually also involves privacy and other network security concerns.

United States Representative C.A. Dutch Ruppersberger moderated the panel.