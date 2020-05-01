The latest investigation by the Santa Barbara County Grand Jury reveals that the nine local governments in our county are ill-prepared to deal with cyber attacks. Here is why this may be one of the jury’s most important reports:
Last year, 205,280 businesses and organizations nationwide reported ransomware attacks, which is 41 percent higher than in 2018. The average payment — or call it what it really is, a ransom demand — to release files soared to $84,116 in the final three months of 2019, more than double what was paid in the previous quarter. Last December, that ransom payout averaged $190,946, with several larger organizations having to deal with ransom demands in the millions of dollars.
According to the FBI, most of the attacks are coming from overseas, with some of the major players being Iran, North Korea and Russia. The U.S. Justice Department has indicted hackers in those countries, but when it comes to actually extraditing those criminals for trial, they might as well be on Jupiter or Mars.
City and county governments show up high on records lists kept by federal agencies because they are required by law to report ransomware attacks, and also because they are generally the most vulnerable.
Which is basically what the grand jury report said. The report found that the eight city governments, along with county government, were deficient in critically important areas such as data backups, systems personnel training and an adequate understanding of the electronic systems they use. The panel relied on data supplied by the systems managers of the local governments, so it is not a matter on conjecture by grand jury members.
Among the problems identified by those surveyed are a lack of a cyber security plan, never having performed a security audit, and currently carrying no cyber insurance, which is something many large companies in the private sector are doing.
As always, the grand jury report makes some recommendations — designating a person to be responsible for overseeing cyber security, regular backups for stored data, upgrading computer systems and conducting more staff training. Also as always, the report’s subjects have 90 days to respond.
The federal Cybersecurity and Infrastructure Security Agency has specific recommendations for both the public and private-sectors: Update software and operating systems with the latest patches. Never click on links or open attachments in unsolicited emails. Back up data on a regular, frequent basis. Keep data on a separate device and store it offline. Always follow safety guidelines when surfing the internet.
That is just common sense, suggestions that are as good in your home as they are in a massive corporate or government office environment. The fact is that so much of today’s business and social interactions occur in cyber space, and there are ruthless pirates lurking everywhere, just waiting to pounce.
You don’t want to suffer the fate of a Simi Valley physician who built her practice over two decades, only to have it destroyed over a few weeks last summer in a ransomware attack that locked all her files. She hired a ransom negotiator through her malpractice insurance provider, who gave her the bad news: Even if she paid the $50,000 ransom for each file unlocked, there was only a slight chance the files would be unlocked. She finally gave up and closed her practice.
This is serious business, and it’s likely to get worse, because cyber criminals like nothing better than a global pandemic to intensify their squeezing of potential victims.
That grand jury report is a wakeup call for local government officials and taxpayers.
