MARINETTE — Trying to stay one step ahead of cyber criminals can be a frustrating game of cat and mouse for the good guys.
“Cyber security is what keeps me up at night,” said Kevin Solway, the director of technology services and the chief information officer for Marinette County. “Those are the things I will wake up at night and be thinking, ‘Oh, I wondered if we covered that.’ I’m not trying to say I’m up all the time. This is what I worry about more than anything.”
Solway has been with the county for 21 years — 10 as a sheriff’s deputy and 11 in his current position. His department oversees about 350 employees and more than 450 email boxes.
The county is big business.
“We could lose millions of dollars if we have a major breach,” County Administrator John Lefebvre said at a recent county board meeting. He said Solway and his department are working to stay ahead of the game.
Solway said data is key.
“We’ve got a lot of data,” he said. “People don’t realize, we’re the county and we run a health and human service department, we run a law enforcement agency. We’ve got a lot of data and data is worth money to people.”
He said people typically worry about their credit cards getting stolen, but they can be replaced.
“Your name, date or birth and social security number are with you from day one pretty much,” he said. “They don’t change. That’s the kind of data they’re after.”
The county, in April, participated in a two-day training session put on by TEEX — the Texas A&M Engineering Extension Service.
“It gave us good insight into what we’re looking at,” Lefebvre said.
He explained that Shawano County, which also took part in the training, recently had a small breach and officials there were able to segregate it and prevent it from spreading.
“Marinette County (website) gets many hits,” he said. “We get attacks and we’ve been able to ward them off.”
Solway said the TEEX training was very beneficial.
“Essentially it went through cyber risks starting with the real basics like having a good password and things like that,” he said, “And progressed all the way through why each department needs essentially to be prepared to operate without computers for a period of time — be it a half a day or three days or whatever should there be some major cyber incident.”
Solway said the biggest point he got out of the training was through a tabletop exercise.
“They introduced different injections and how you would respond to each one,” he said. “It was fun, exciting and eye opening. There were a lot of viewpoints on a lot of things. It showed how one thing can affect several others. That’s important to take out of it.”
He also learned that Marinette County is on the right track.
“I’m not trying to brag, but they were quite impressed with some of the things we’re doing,” Solway said. “We are following a framework to guide us in the things we need to do to achieve a more secure environment. You’ve got to be prepared. You’ve got to have your people prepared. You’ve got to be above to detect if something’s happening. We have processes in place to detect what are malicious events or what are suspicious events — What doesn’t fit the norm.”
He said a key component of the process is end-user education and training department heads and all employees.
The county sends “phishing” emails to see how many employees will click on it, or take the bait, so to speak. Solway said this is done at least monthly and county employees have shown vast improvement.
In 2018, he said, a phishing test saw 29% of employees click in the suspect email. A similar test done this month saw a rate of just .3%.
“The thing is, it only takes one bad thing to happen,” he explained. “One person to click on a bad email that infiltrates their computer and they subsequently then move laterally in your system and they can do that stealthily for a while.”
He said an infiltration into a network may not trigger an alarm right away, but it’s waiting to happen.
Solway said the county has 24-7 monitoring and contracts with an outside agency for when personnel isn’t available.
“We have endpoint monitoring,” he said. “We monitor data that comes in and goes out. There are so many things to do. It’s an endless cycle.”
Solway said cyber criminals are getting more sophisticated with their emails, largely because of artificial intelligence (AI).
“It used to be you could tell they weren’t very fluent in English,” he said. “With AI, the criminals can use it as well as the good guys. They can make it sound a lot more convincing. It’s getting harder to weed those things out.”
Back to the phishing emails, Solway said employees are constantly told if they don’t know who it is from to be suspicious.
“We’ve had several attempts of emails coming into here that turned out to be malicious,” he said. “It happens weekly. Humans are the biggest risks. Human nature is to be curious. You don’t want to miss an email. You don’t want to miss something that sounds exciting or piques your interest. All it takes is the wrong click. But we keep at it.”
Most Popular
Comments / 0