BreachExchange mailing list archives
Govs Urge Action to Thwart Cyberattacks, Computer Hacking
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Sep 2013 19:00:59 -0600
http://www.pewstates.org/projects/stateline/headlines/govs-urge-action-to-thwart-cyberattacks-computer-hacking-85899507787

Prominent on the website of South Carolina Gov. Nikki R. Haley is a banner and button that says: “S.C. Dept. of Revenue Cyberattack: Cyberattack Info.”

South Carolina learned firsthand the havoc a hacker can have on state-owned computer systems when last October approximately 3.8 million Social Security numbers, 387,000 credit and debit card numbers and 657,000 business tax filings were exposed in a security breach at the state Department of Revenue.

This is the type of cyberattack governors are gearing up to prevent. “Every day, states are exposed to phishing scams, malware, denial-of-service attacks, and other common tactics employed by cyberattackers,” according to a call-to-action paper released Thursday by the National Governors Association.

Michigan Gov. Rick Snyder, a Republican, was in Washington to launch the NGA bipartisan effort, led also by Maryland Gov. Martin O’Malley, a Democrat.

“As governors, we are directly responsible for ensuring the security of a wide array of state-owned assets and personally identifiable information such as tax records, driver’s licenses and birth records,” Snyder said in a statement.

“We also play a critical role in ensuring that private-sector assets within our states are secure,” the former president of Gateway computers said.

As Stateline has reported, Michigan has been a leader on this front, enlisting the help of everyone from the major utility companies to the state police to launch a multi-pronged pre-emptive strike. Cyberattacks on the state of Michigan’s computer systems have increased to about 500,000 a day, The Detroit News reported.

In its six-page paper, NGA urges governors to look at what their peers are doing.
The report highlights:

- Michigan requires security awareness training for all state employees, and launched with universities and the private sector a state-of-the-art Michigan Cyber Range research center.
- Maryland leverages the cybersecurity capabilities of the Warfare Squadron to support its cybersecurity assessments, including having state agencies participate in Internet training exercises that simulate cyberattacks.
- Minnesota’s chief information security officer works closely with the governor, a Technology Advisory Committee, and other agency leaders.
- California Cybersecurity Task Force is a new state-led collaboration between state and private-sector IT officials.
- Delaware state employees conduct cybersecurity presentations for elementary school students and host video and poster contests to reinforce the importance of Internet safety practices.

A 2012 survey of state chief information security officers found that only 24 percent were “very confident” that their state assets are protected against external threats, while only 32 percent said their staff have the required cybersecurity competency.

Those findings were part of a 2012 report about cybersecurity from Deloitte and the National Association of State Chief Information Officers that also estimated that government agencies had lost more than 94 million citizen records since 2009. The average cost per lost or breached record is $194.

While NGA’s paper doesn’t specifically mention the South Carolina case, it notes, “Several recent attacks reveal that states which fail to put in place a strong governance structure are at a distinct disadvantage.”