Rep. John Katko (R-Camillus) has represented New York's 24th district in the United States House of Representatives since 2015 and recently hosted a roundtable with local officials and representatives from the Department of Homeland Security to discuss the severity of cyberattacks and how to address them.
In January of this year he said, “I am excited to serve in this new role on the House Homeland Security Committee.” He continued, “As our nation becomes more and more dependent on technology, we must also remain vigilant to address and improve our cyber protections.”
Now that 20 school districts in central New York were affected by a national data breach, which compromised student names, dates of birth, ID numbers and some email addresses, he has stepped up the action he is taking.
Cyberattacks also hit the systems of the Syracuse City School District and Onondaga County libraries this summer. Katko said the threat of cyberattacks on the U.S. is comparable to the threats that led up to the September 11th terrorist attacks.
“Before 9/11, we had so many threat indicators that something very serious was going to happen and we ignored them and we paid a terrible price for that,” Katko said. “I think in the cyber area, I think businesses and entities don’t always pay enough attention to the cyber issues and as the threat builds and conflicts grow internationally, it’s a very serious component.”
Katko is working on a couple of bills that would force businesses and government to interact on a regular basis about cyber threats and provide grant funding to make systems more secure.
“It’s up to us to make sure we are constantly doing a better job scouring our systems and having best practices and sharing information and making sure our guard is up at all times,” Katko said. “We can never let our guard down because if we do, we’re going to have a catastrophic event.”
Syracuse Mayor Ben Walsh said the cyberattack on the school district heightened the sense of urgency on the issue. He called it a fundamental threat to the livelihood of local government. He said it even came up when the city invited bond-rating agencies to Syracuse to review the city’s finances.
“Questions around cybersecurity were among the first asked by our bond-rating agency,” Walsh said. “So, clearly they’re taking it seriously and we are as well.”
Representatives from Homeland Security talked about what governments and businesses can do in the event of a cyberattack, how they can test their own systems, and stressed the importance of sharing information about attacks with other entities.
We’ve been warning about 2019 being a terrible year for cybersecurity since December of last year.
At the time we pointed out the following attacks:
- OPM hack affected 22.1 million people, government employees and others!
- Equifax affected 143 million people!
- Marriott affected 500 million people!
- Yahoo email breach resulted in 3 billion accounts being hacked!
And we said that, assuming an organization is able to cross-reference this massive amount of data, the results could be disastrous for national security and your organization.
Using any or all of this information, hackers can put together detailed profiles of just about anyone to then target them via social engineering to gain access to their accounts.
This means spear-phishing and regular phishing attacks will only get worse.
There have been countless more attacks and leaks of personal information since that time.
The amount of personal information leaked on the dark web is so great that it has become virtually worthless. Consider: as we shared earlier today, 220 million leaked Facebook phone numbers can be purchased for $1,000.
With this information alone, an amazingly effective spear-phishing campaign can be launched with recipient phone numbers in the subject line. The click-through rate of such a spear-phishing campaign will skyrocket as a result. Cost to the hacker? $1,000!
One ransomware infection will easily pay that back.
And this is just today’s hacked information news.
We applaud Rep. John Katko and what he is doing. The brighter the spotlight we shine on the problem, the better it will be for organizations potentially in the hacker crosshairs.
While there is no foolproof method to stop these attacks, it is essential to patch systems and also train users.
- Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
- Go to a phishing simulation vendor and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great. This is needed to train workers by testing them without their knowledge: real-looking emails are sent to their inboxes, and if they click, they are immediately trained on what not to do.
- We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.