thompson unc municipal attorney presentation · maria s. thompson state chief risk officer 1 2019...
TRANSCRIPT
3/19/20
North Carolina State of Cyber
Cybersecurity for Municipal Attorneys
Maria S. Thompson, State Chief Risk Officer
2019 Global Social Engineering Attacks
Source: 2020 State of Phish - Proofpoint
Attackers Focus – Key Findings
Source: 2020 Crowdstrike Services Cyber Frontlines Report
• Business disruption was the main attack objective
• Credential dumping was the most frequent technique used
• Dwell time increased from 85-95 days. The use of stronger countermeasures allows them to stay hidden longer
• Malware (49%) and malware-free (51%) intrusions were just about equal in use
• Attackers are more deliberate and targeted in their efforts to automate Active Directory reconnaissance
• Third-party compromises serve as a force multiplier for attacks
• Attackers are targeting cloud infrastructure as a service (IaaS). Targeting of API keys is increasing
• Macs are now clearly in the crosshairs of the cyber fight
• Patching remains a problem
• Many organizations fail to leverage the capabilities of the tools they already have
Attackers Focus – Key Mitigations
Source: 2020 Crowdstrike Services Cyber Frontlines Report
Attackers Focus – Key Mitigations
Source: 2020 Crowdstrike Global Threat Report
2019 SLTT Ransomware Attacks
2019 NC Reported Ransomware Attacks
Date | Affected Entity | Ransomware Variant
Mar 2019 | Orange County (hit 3 times in 6 yrs) | Ryuk
Mar 2019 | Pasquotank-Camden EMS | Unknown
Mar 2019 | Robeson, NC | Ryuk
Apr 2019 | City of Greenville | RobinHood
Jul 2019 | Richmond Community College | Ryuk
Aug 2019 | Lincoln County Sheriffs Off/911 (X2) | DoppelPaymer
Sep 2019 | Wildlife Commission | DoppelPaymer
Oct 2019 | NC State Bar | Neshta (dropper)
Oct 2019 | Columbus Co School System (x17) | Ryuk
Oct 2019 | ABC Board (x21) | Sodinokibi
Dec 2019 | EBCI | Sodinokibi (Insider Threat)
2020 NC Reported Ransomware Attacks
Date | Affected Entity | Ransomware Variant
Feb 2020 | Duplin County | Ryuk
Mar 2020 | Durham County | Ryuk
Mar 2020 | City of Durham | Ryuk
Mar 2020 | Burke K-12 X (24) | AKO
Mar 2020 | Alleghany K-12 | Phobos
Mar 2020 | Shelby Co Sheriffs Off/911 | Ryuk
2019 FBI IC3 Report – North Carolina
Source: 2019 Internet Crime Report
To Pay or Not to Pay
Source: Proofpoint - 2020 State of Phish Report
Whole-of-State Cyber Approach
• BitSight monitoring of local county infrastructure
• Pilot program for continuous monitoring of local county network traffic
• Development of Statewide Significant Cyber Incident Plan
• Establishment of statewide information sharing under HB 217
• Cyber incident response and training support utilizing National Guard Defensive Cyber Operations team and local IT Strike teams
Legislative Updates
House Bill 217
"§ 143B-1379. State agency cooperation and training; liaisons; county and municipal government reporting."
✓ Updates the definition of what is reportable and adds the term and definition of “Significant cybersecurity incidents”
✓ Adds providing corrective action plans to the liaisons' tasks
✓ Includes Privacy as a requirement and not just Security
✓ Excludes military personnel identified as security liaisons from requiring background investigations in lieu of security clearances
✓ Legislatively mandates cyber awareness training and reporting (includes contractors)
✓ Requires that county and municipal governments report cybersecurity incidents
✓ Further clarifies that cyber incident information shared to DIT will be protected under G.S. 132-6.1(c)
✓ Encourages private sector entities to report cyber incidents
Link to report incidents: https://it.nc.gov/resources/cybersecurity-risk-management/statewide-cybersecurity-incident-report-form
2020 Federal Cyber Funding Opportunities
• The State and Local Cybersecurity Improvement Act (introduced in the House 2/10/2020)
  • https://www.congress.gov/bill/116th-congress/house-bill/5823/text
• The State and Local Government Cybersecurity Act of 2019
  • https://www.congress.gov/116/bills/s1846/BILLS-116s1846rfh.pdf
• The State Cyber Resiliency Act
  • https://www.congress.gov/116/bills/s1065/BILLS-116s1065is.pdf
Let’s Connect!
NC Department of Information Technology (NCDIT)
it.nc.gov
@NCDIT @BroadbandIO @ncicenter