Suffolk County cyberattack urges hiring more IT staff, security chief.

TLDR:

Suffolk County needs to enhance IT staff and hire a cybersecurity chief to prevent future cyberattacks.
The county must obtain a cyber breach insurance policy for financial protection.

Full Article:

A recently released report on the Suffolk County cyberattack highlights the need for the county to develop a recovery plan and bolster its information technology staff to prevent a similar incident in the future. The bipartisan Suffolk County Legislature’s Special Cyber Intrusion Investigation Committee has recommended that the county hire an executive dedicated to overseeing cybersecurity and obtain a cyber breach insurance policy to provide financial protection in case of future attacks.

The report stated that the county was ill-prepared to respond to the cyberattack discovered in September 2022 and emphasized the importance of adequate planning, coordination, and training to strengthen cyber defenses. It also highlighted the lack of a chief information security officer (CISO) at the time of the attack, which impacted the county’s ability to qualify for cyber insurance.

Suffolk County Executive Edward P. Romaine has implemented changes in the county’s IT department, including the adoption of multifactor authentication. The report recommends compliance with county laws for annual IT risk assessments and hiring a CISO with a fixed term, as well as creating a cybersecurity strategy.

The cyberattack shut down Suffolk County’s main website for over five months, exposing the personal information of half a million individuals. It also disrupted county email, phone systems, and various agency functions. The report emphasized the need for better coordination between Suffolk IT departments and the establishment of a unified cybersecurity approach.

While the report downplayed the impact of an unpatched vulnerability in the clerk’s domain, it highlighted a pass-through in the county’s perimeter firewall as a significant factor in the attack. Moving forward, the committee recommended avoiding such loopholes and ensuring all internet traffic undergoes proper inspection.

Overall, the report underscores the importance of proactive measures, adequate staffing, and a comprehensive cybersecurity strategy to protect Suffolk County from future cyber threats.

Post Views: 20

Latest from Blog

Beware: UNC2970 Hackers Weapons in Job Seekers’ PDFs

TLDR: UNC2970 hackers are targeting job seekers with weaponized PDF files. They use sophisticated phishing tactics to deliver malware to victims. In a recent report, cybersecurity analysts at Google Mandiant have identified

Cyber insurance changes shape of security for good and bad

TLDR: Key Points: Cyber-insurance landscape is shifting to encourage greater cyber resiliency Rising costs of cyberattacks are prompting insurers to re-examine underwriting How Cyber-Insurance Shifts Affect the Security Landscape The article discusses