1/14/2020 12:00 AM
Cyber Attacks: ‘It’s not a question of if it will happen to us, but a matter of when’ ~Eric Caldwell, Brazos County CIO
BRYAN, TX - You’ve seen the headlines – data breaches and ransomware attacks on cities, healthcare organizations, school districts and Fortune 500 companies.
“The headlines are only the tip of the iceberg,” says Scott Terry, director of the Cyber Readiness Center at the Texas A&M Engineering Extension Service (TEEX). “Many more attacks are never reported, and often the hackers are quietly paid off.”
TEEX provides cybersecurity training to local governments, schools, and healthcare organizations and businesses to help bolster their resilience to cyber attacks and their ability to successfully recover and continue their operations. The biggest mistake communities make is not taking cyber threats seriously, Terry says. “Cyber attacks can be indiscriminate, and even if you are a small community, you can get caught in that net.”
Brazos County is one jurisdiction that is taking cyber threats seriously. On Jan. 14-15, the County is hosting a TEEX class on “Recovering from Cybersecurity Incidents” at the Brazos County Expo Complex. The 16-hour course was developed by TEEX and is certified by FEMA. Participants will include officials from as far away as Victoria and Dallas County, as well as Bryan, College Station, Blinn College and College Station ISD.
Eric Caldwell, Chief Information Officer with Brazos County, said, “The need for this type of training was made abundantly clear last August when 23 local government jurisdictions in Texas fell victim to a ransomware attack, lending credence to the cliché phrase, ‘It's not a question of if it will happen to us, but a matter of when.’"
Local, state and federal government are increasingly targeted, as seen in cyber attacks on cities, such as Atlanta, Baltimore, San Diego and New Orleans. The Governor and other state officials said last week that Texas state agencies are targeted by billions of probes each day in an attempt to infiltrate networks. The U.S. Department of Homeland Security released a bulletin on Jan. 4 calling for vigilance and continued use of basic cyber hygiene practices, citing potential cyber attacks from Iran.
“In practicing cybersecurity, we often focus most of our resources on reducing exposure and risk,” Caldwell said. “We train our end-users to think before clicking on links; we invest in firewalls, filters, and anti-virus; and we conduct backups with consistent and conscientious regularity. But as the saying goes, ‘While we must be successful 100% of the time, the bad guys must be successful only once.’ Therefore, investing resources in successful response and recovery efforts is crucial to our continuity of operations.
“Brazos County worked with TEEX in 2017 to host a cybersecurity incident response training that was very well-received by my staff and my colleagues across the state. I am very excited to again work with TEEX to host MGT-465 Recovering from Cybersecurity Incidents. My colleagues from across Texas will again attend this training in Brazos County. All of us expect it to be a worthy investment of our resources and help prepare us for recovering, when it happens.”
“This course is unique in that it bridges IT with emergency management,” Terry said. “In previous cybersecurity training, there was a lot of interest from IT personnel on becoming more involved in response and recovery at the jurisdiction level. The goal is to have people from various departments attend so we can discuss how to plan ahead to ensure Continuity of Operations in the jurisdiction.”
The TEEX course is offered nationwide this year at no charge through a DHS/FEMA Continuing Training Grant.
Learn more about the TEEX Cyber Readiness Center.