Commissioners hear of cybersecurity efforts
“Eighty percent of hacking-related breaches are from stolen passwords. If you think about it, how many passwords do you have that are probably pretty similar to each other,” said sales engineer Lydia McCloskey with HTS Voice and Data Systems. “And 85 percent of businesses with less than 1,000 employees have been hacked. They may not know it, but they’ve been hacked.”
McCloskey provided a cyber crime update and data security review for Uvalde County at the commissioners’ court meeting held Nov. 12 at 10 a.m. at the Uvalde County Courthouse.
In her presentation, she reported attackers often use compromised credentials to send spam emails, gain access to other accounts, to gain access to data which they can use or sell on the dark web, and for identity theft. Data such as names, Social Security or credit card numbers and birthdates may be sold on the dark web for $1-$8, adding up to tens of thousands of dollars as the same data is sold to multiple interested parties.
The city of San Marcos, California, experienced a cyber attack on Oct. 24 when hackers accessed computer systems, restricting services for more than a week. Employees were unable to access emails and other systems, though city offices remained open.
Uvalde County Judge Bill Mitchell noted the City of Del Rio had suffered an attack earlier this year.
On Jan. 10, officials were forced to shut down computers at the city hall of Del Rio after a ransomware attack. To isolate the malware, the city’s management information services department had to turn off the internet connection for all city departments, which forced employees to work manually, using pen and paper.
The County of Uvalde has been attacked by ransomware in the past, and three years ago was attacked twice in one year. Because of the security measures in place, they were able to rectify the situation with minimal downtime.
Commissioner Ronald Garza asked McCloskey what separates Uvalde from the city of San Marcos, California. She reported that in addition to providing dark web information monitoring and training for employees, such as not clicking on suspicious links and not using the same passwords, HTS maintains offsite back-ups.
By keeping back-ups current, if the county was to lose access to systems the company would be able to restore the latest back-up, getting the county systems up and running again within a day, in most cases.