Cyberthreats exist and they evolve. With this in mind, it is always recommended to stay on top of things when it comes to cybersecurity. Anyone call fall victim to these cyberthreats – from private individuals to organizations with international reach. A year-end review, this session aims to look back at the year in terms of cybersecurity – the biggest news and most prolific threats that we faced in 2019.

Justice Clearinghouse’s key resource when it comes to all things cybersecurity, Stacey Wright, is back. Stacey is currently the Director of Partnerships for the Center for Internet Security’s (CIS) Multi-State (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). She brings cybersecurity resources and support to state, local, tribal and territorial governments.

Topics Stacey discussed on this webinar include:

• An overview of the CIS, MS, and EI-ISAC.
• A rundown of the basic measures that any individual or agency must implement when it comes to cybersecurity.
• Understanding the biggest cybersecurity issue of 2019 – the Ransomware.
  • The nature of ransomware based on who they’re targeting and the amount of money involved.
  • The types of ransomware, and the specific ransomware that made it to the top 10 malware list of 2019.
  • The shift in the type of ransomware being used in 2019 compared to previous years.
  • The rise of mass ransomware infections observed in 2019.
  • Recommendations to protect an individual or agency from ransomware attacks that include having an incident response plan, educating leaders and users, backing up, the principle of least privilege, due diligence when it comes to vendors and suppliers, and promptly informing cybersecurity resources.
• A glimpse into the top 10 malwares of 2019 and zeroing in on the characteristics and abilities of the top three types.
• A look at Emotet – one of the most prolific malware affecting state and local government – its qualities and infection vector.
• Recommended password standards to put into effect.
• Understanding the different types of infection vector.
• Non-malware notifications that cause disruption in a device or system’s normal operation.
• Third-party brands and companies that we must be wary of as the US Federal Government raised concerns about these.
• Incidents of data breach, unauthorized users, and exposed data on health, finance, and tech companies.
• The concept of big game hunting where attacks are specifically targeting high profile groups and individuals through well-crafted social engineering as seen in business email compromise (BEC) scams.
• Steps to fortify any agency’s cybersecurity through education, collaboration, and a culture that encourages openness between leaders, IT and other employees.
• End of Life reminder for Microsoft’s Windows 7, Windows Server 2008 and 2008 R2, which would be highly vulnerable to exploitation after which.
• Q&A topics raised were:
  • What the public sector can do to secure the upcoming elections.
  • The threat of ransomware on state and local government and health care providers.
  • Cyber insurance coverage.
  • The pros and cons of utilizing cloud-based environments for a government agency.

Audience Comments:

• “Specific incidents that can be used to explain security impacts.” — Larry
• “Justice Clearinghouse is the only way to get all this data at one time. We keep up to what’s going on.” — Robert
• “A very good overview/executive summary and year-end review of the quarterly webinars I have viewed… Thank you, Stacey.” — Steve
• “I learned a lot…we need to really think about these topics.” — Teva
• “What I learned from the webinar is how much I didn’t know about cybersecurity! It was an eye-opener.” — Sue