Report: Risky practices preceded ransomware attack
County adopts best practices
EL CENTRO – The Imperial County Board of Supervisors was told on Tuesday that the conditions in place prior to the April 13 ransomware incident were not ideal.
That assessment was included in a final report provided to them by county Information Technology Systems manager Henry Felix.
He said cybersecurity conditions during and prior to the event did not follow best practices.
The lapses included leaving computers on at the end of the workday and employees opening mystery email attachments from people they do not know.
Those best practices are now being followed, he said on Thursday.
“I would say Imperial County has implemented a wide variety of technical controls,” Felix said. “We are not relying on one thing. We have different barriers in place.”
As an example, Felix said, if an email is received from outside the server, a marker will be attached to tell the employee that the email is from outside the network.
If an attachment is added to the email, there are things in place to determine what is in the attachment without opening it.
A lot of cyber security falls on the county employee or user having some skepticism of emails.
“If you are not expecting that email or something is not adding up, contact IT,” he said.
The cost to get everything back online and make the improvements after the cyberattack is still not known, Felix said.
The county still only had to pay its insurance deductible of $50,000.
At the time of the incident, cyber security technical controls included standpoint antivirus software and non-next generation firewalls. In addition, an event logging tool was in place to determine unusual and unauthorized user behaviors.
Besides the information systems and user data being unavailable for almost three weeks after the cyberattack, other damages included delays to prior commitments to both projects and operation support.
One file server had a small loss of data, and the information between the county Sheriff’s Office and the county was severed for 30 days.
Going forward, both hardcopy and electronic formats have to be maintained, with supervisors emphasizing the importance of cyber security with their employees.
Departments will now double-check sender authentication, avoid the use of non-trusted sites on networked systems, and budget for five-year refresh cycles for all desktops and printers as well as for application upgrades.
Users should be vigilant with emails coming from outside the county, avoid the use of third-party applications and software, and not use non-trusted websites. They are also required to take part in countywide cyber security training.
Felix also talked about the software registration policy, under which county employees who use the network are aware of what is allowed to run on it.
In his presentation, Felix told the board of the lessons the county learned from the attack.
“A culture of cybersecurity must be established from the top to the very bottom of the organization,” he wrote in his presentation. “Everyone’s actions and use of county information technology will dictate how successful we will be in protecting ourselves from unauthorized access.”
Felix said that there is no magic bullet to cyber security and only continued vigilance will determine the successful defense of the Imperial County network.
Felix said that if some of the improvements had been in place back on April 13, it would have been significantly harder for a cyberattack to be successful.