We’re too small, we don’t have anything a hacker would be interested in, our IT department says we’re secure, we store everything in the cloud, hackers are only interested in the big cities, counties, states…
If I had a dollar from every city, village or township that I heard this from, I’d have someone writing this blog for me. The reality is you are the easy target, the path of least resistance. The truth is your data may not be of primary interest, but you are most likely connected to your county or state web site for shared services; destinations that are of prime interest to hackers. You may also be linked to a state or federal healthcare exchange. A health record is the most sought-after record on the dark web, fetching ten times the amount paid for a personal identity.
So what should you do? Take your role in the public sector ecosystem very seriously. One of the largest data breaches in history started when the credentials of an HVAC supplier were compromised and used to breach a major retailer. You have an obligation not only to your local constituents but to all the constituents in the ecosystem that you are connected to. We live in an extremely connected world that makes Kevin Bacon’s Six Degrees of Separation look like child’s play.
So make sure you are continuously monitoring the activity on your network, whether you do it yourself or partner with someone to do it for you. Specifically, monitor the activity to and from your critical or high-value assets. These assets may or may not reside within your physical infrastructure, but regardless of where they are physically located, you should know who can access them and from where, and where they in turn can communicate. You know your network better than anyone else. Use that knowledge to secure the assets you have been entrusted to store, maintain, share and protect.
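One way to turn that knowledge into a check, as an added example that is not part of the original post: write down, for each high-value asset, who may reach it and where it may talk to, then flag any observed flow outside that list. The asset addresses, policy layout and flow records below are all constructed sample values.

```python
import ipaddress
from collections import namedtuple

# Constructed flow record: source, destination, destination port.
Flow = namedtuple("Flow", "src dst port")

# Hypothetical policy per high-value asset: who may reach it (inbound) and
# where it may communicate (outbound). Assets can be on-prem or cloud-hosted.
POLICY = {
    "10.10.5.20": {    # constructed: records database
        "inbound": {("10.10.1.0/24", 5432)},
        "outbound": {("10.10.9.5", 514)},    # log collector
    },
    "203.0.113.40": {  # constructed: cloud-hosted shared-services portal
        "inbound": {("10.10.0.0/16", 443)},
        "outbound": set(),
    },
}

def _allowed(peer, port, rules):
    """True if the peer address and port match any (network, port) rule."""
    addr = ipaddress.ip_address(peer)
    return any(addr in ipaddress.ip_network(net) and port == p for net, p in rules)

def audit(flows, policy=POLICY):
    """Return (kind, flow) for every flow to or from an asset that the policy does not expect."""
    findings = []
    for f in flows:
        if f.dst in policy and not _allowed(f.src, f.port, policy[f.dst]["inbound"]):
            findings.append(("unexpected-inbound", f))
        if f.src in policy and not _allowed(f.dst, f.port, policy[f.src]["outbound"]):
            findings.append(("unexpected-outbound", f))
    return findings

SAMPLE_FLOWS = [  # constructed for this example
    Flow("10.10.1.15", "10.10.5.20", 5432),    # app server to database: expected
    Flow("10.10.7.33", "10.10.5.20", 5432),    # other subnet to database: flagged
    Flow("10.10.5.20", "10.10.9.5", 514),      # database to log collector: expected
    Flow("10.10.5.20", "198.51.100.77", 443),  # database to unknown host: flagged
    Flow("10.10.3.8", "203.0.113.40", 443),    # internal user to portal: expected
    Flow("192.0.2.10", "203.0.113.40", 443),   # outside expected range: flagged
]

if __name__ == "__main__":
    for kind, f in audit(SAMPLE_FLOWS):
        print(f"{kind}: {f.src} -> {f.dst}:{f.port}")
```

In practice the flow records would come from firewall, NetFlow or cloud flow logs rather than an inline list.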
Author: Greg Guidice, RazorThreat