IT protection that supports the state, its employees and assets.

Don't Get Held Up at Ransom Article and Video Presentation

On Oct. 11, the U.S. Secret Service, FBI Denver Cyber Task Force, Cybersecurity and Infrastructure Security Agency (CISA), Boulder County Chief Information Security Office and the Governor’s Office of Information Technology (OIT) gathered to talk about cybersecurity and ransomware.
Expert Panel on Ransomware - 2023 Cybersecurity Awareness Month: Watch the video.

What is ransomware? Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

What to do if an incident occurs.

Johnathan Reaghart, Supervisory Special Agent for the FBI Denver Cyber Task Force, says that first and foremost, it’s important to inform state and federal cybersecurity experts so they can collect digital evidence, which could include malware, suspicious files, data logs, etc. This threat intelligence will then be organized and analyzed to start the mitigation process.

The Secret Service will then work with partners across the country to gather intel and share information on the incident. Cyber actors are rarely confined to the U.S., so instead of working on financial sanctions, diplomatic sanctions come into play and the State Department works with overseas entities to deny the infrastructure the bad actors are using in order to dissuade and disrupt them. In parallel, CISA focuses on discovering the technique and tactic that the bad actor used to get access, as well as asking a lot of questions. How will this incident affect the community at large? What is the most critical service that could be impacted in the community? How can that impact be minimized? The first 24 hours after an incident has occurred are critical and assistance mitigating the issue(s) will need to be outsourced if it was a major attack. 

Build the boat before the storm.

The more time and energy you spend on preparedness, the less crippled your organization will be if you’re attacked. Ensure that you have an incident response plan (IRP) with current staff members who understand how to implement it, as well as have policies in place that will give that plan authority. Every organization that cares for critical infrastructure needs to have a cybersecurity person on staff. 

But remember, this is a team sport. Connect with an Information Sharing and Analysis Center (ISAC). These committees offer federal grants to those with cybersecurity needs as well as mentorship opportunities. ISACs also encourage the exchange of information like trading acceptable use policies between entities. Colorado has a connected cybersecurity community of managers and leaders in the field, so it is to your benefit and advantage to engage this larger ecosystem.

Ransomware has been around since 1989, but the tactics haven’t changed.

Phishing is still the number one avenue for attackers to place ransomware on your network, accounting for 95% of attacks. The bad guys get in the door by someone making a mistake. Bad actors will always exploit known vulnerabilities because that’s the easiest route. The best defense is user education and ensuring that you’re using the most up-to-date technology, including hardware and software updates.

We need to be more diligent about our cyber hygiene: 

Watch for These Seven Red Flags Article

Social media is now the leading channel for scammers to access your information. According to a new report from the Federal Trade Commission, Americans lost $2.7 billion combined to scams originating on social media between January 2021 and June 2023. Online shopping accounted for the most common type of social media fraud, and with the holidays fast approaching, there are some big warning signs to look out for to avoid falling victim to a scam.

Simple ways we can protect ourselves, our friends and our family: