It can happen to anybody at any time. As the investigation continues and the Jefferson County Clerk’s office struggles to return to normal operations, this is one of several important lessons that all government offices and small businesses can take away from this cyber attack in Kentucky’s largest county.
In a press conference on Thursday, Jefferson County Clerk Bobbie Holsclaw offered some insight, saying, “It was never on my radar…The security was as good as you could get for the money… All of our systems were top-of-the-line. Somehow, they got through one little crack.”
Her statement that “it was never on her radar” is, sadly, more common than you would think. Small and medium-sized organizations believe they are safe from cyber attacks because they are too small to be noticed. The truth is that it’s easier for cyber criminals to launch successful attacks against these softer targets.
Over 60% of businesses that fall victim to a cyber-attack close within one year. Local government offices like the Clerk’s Office don’t have that option, which makes them attractive to cyber criminals.
No matter how new or top-of-the-line your systems are, there is no perfect security because of the human element. Whether it’s a well-meaning member of your team clicking on the wrong link, someone responding to a well-crafted phishing email or a coding error made by a vendor years before, you and your organization need to be perfect. Criminals only need to get lucky once.
Cyber security is not a destination. It’s a never-ending journey. For every protection place, cyber criminals are constantly looking to find a way around it.
A mature cyber security model encloses multiple levels of security with a combination of the technological and biological.
Most people have heard of anti-virus and firewalls, but 24/7 monitoring to detect and stop a threat is critical to organizations of all sizes. It’s like closing the barn door before the horse gets out.
Regular training of employees at all levels can be the most cost-effective thing any organization can do to protect you and your data.
Backups and a crisis response plan are also critical. Having the backups and plan isn’t enough. You need to rehearse the plan to make sure it works before you need it!
Finally, test your security with regular scans. One scan isn’t enough. It is a snapshot in time. Regular scans identify recently discovered vulnerabilities that affect your systems.
Ms. Holsclaw added, “There was just nothing that we could have done to have stopped this.” That may or may not be accurate, but the crisis response has clearly fallen short, and other safeguards like monitoring and scanning were likely not in place.
It’s not just Jefferson County. These attacks happen all the time across our country. This past month, Los Angeles Superior Court, Monroe, and Clay Counties in Indiana were all hit with similar attacks.
This should serve as a call to arms for local governments and small businesses across the Commonwealth.
Contact us to see how Commonwealth Sentinel can help you on your journey.