Cyber attack hits millions including the CSRA

A sprawling cyber attack late last week compromised data for millions of people including state and federal agencies. On the list of those hacked was the Department of Energy. The Savannah River National Laboratory is under the DoE umbrella.

The University of Georgia was also impacted by the breach. How many of you have kids that attend UGA or donate to the University? What does this mean for us and what is the potential impact?

How does Fort Gordon’s Cyber Security Center fit into the mix?

ABD turned to our resident cyber security expert, Patrick Reynolds, Founder and CEO of Cross Link Consulting, for some answers and possible clarification. Reynolds writes a weekly Tech Alert column for our publication.

ABD: The cyber attack compromised data for millions of people and included breaches of the US Federal Government including the Dept of Energy. Would that also include the Savannah River Site?

There have not been any published breaches for SRS in the last decade, which is a tremendous testimony to the faithfulness of our cyber defenders. But the fallout of these attacks won’t be fully felt or understood for many months. The CLOP hackers, the Russian ransomware gang behind this breach, have been so successful with this compromise that they can’t even handle the volume, asking victims to reach out to them via email. It is frustrating to see our neighbors suffer due to the shortcomings of government cybersecurity efforts.

ABD has reached out to SRS and the SRNL for information on how the cyber attack might have impacted their operations. We will update you when we receive a response.

ABD: How do hackers reach the security of State and Federal Government agencies? Wouldn’t their extreme cyber security measures prevent that?

There are flaws, some known and some unknown, in every software application. Thousands of flaws are found and fixed daily, but even the fixes often introduce new vulnerabilities that will be identified sometime in the future. In many ways, computer vulnerabilities are like human ailments and software patches are like medications. For example, a side effect of taking aspirin to alleviate a headache is that it also reduces clotting, introducing or increasing risks in ways that may be unexpected or undesirable. With a computer, if you install Adobe Acrobat, you gain a new capability, but you also introduce unknown vulnerabilities. And when you later update Acrobat to fix newly discovered vulnerabilities, you may be introducing yet another vulnerability.

Government breaches are often perpetrated through an unsuspecting 3rd party. On Fort Gordon, if a vendor is tied into DoD systems, and that vendor is breached by North Korea, then North Korea is tied into our DoD systems. That bad actor isn’t going to deploy ransomware; rather, they are going to quietly maintain a foothold in that vendor’s systems and discreetly access these DoD systems to avoid detection.

No amount of security measures reduces the risk to zero. This understanding informs how Cross Link addresses cybersecurity risks, by staying laser-focused on breach detection and response rather than layer after layer of expensive security measures that offer diminishing returns.

ABD: Apparently, hackers exploited a flaw in a file transfer software called MOVEit. What transfer software would you recommend companies use?

There is no single best file transfer solution, but most CSRA organizations that need to securely share data would be best served with an encrypted email solution such as EchoWorx, or controlled file sharing with a solution such as Egnyte.

ABD: As hackers become more aggressive and demand huge amounts of ransom money, how can this be prevented? It seems like there is no end.

Ransomware can’t be prevented completely, but it can be mitigated. In order of ROI towards ransomware mitigation, we recommend backups (commonly called Business Continuity or Disaster Recovery solutions), software patching, breach detection and response (commonly called MDR), and endpoint protection (i.e. antivirus). If you can only afford to do one of these, then invest in a great backup solution. Just understand that the other aspects should be addressed just as soon as possible to cover your risks and liabilities.

ABD: The numbers from the Department of Justice and the Federal Trade Commission are staggering. Total cybercrime losses are estimated to be $10.2 billion this year which is almost double from 2022. Also, Georgia reports the most ID theft cases in the country? Wow!

The numbers are depressing, but that outlines what our mission is at Cross Link. Apart from serving as the outsourced IT department for many CSRA organizations, we also provide cybersecurity services to GA government and municipal organizations. By securing a county government with our breach detection and response solution (MDR), we vastly reduce the risks to the residents of that county. We can protect 20 county computers for a few dollars monthly, and thereby protect the information of thousands of county residents.

The bottom line is that the Federal Government has committed $26 billion for cybersecurity in 2024. The CSRA is home to Fort Gordon’s Cyber Center of Excellence, the U.S. Army’s modern-day weapon to combat cyber-attacks. We are the hub for much of what will lead our community and our country forward in cybersecurity. Hopefully that will help area businesses stay ahead of the bad guys.

In the meantime, don’t miss Cross Link’s Tech Alerts every Monday on www.augustabusinessdaily.com. It might keep you ahead of the hackers.
