from staff....
“With permission from the City of Pensacola’s IT Department,
I wanted to make you aware that FDLE is assisting the City of
Pensacola with a cyber-attack that occurred over the weekend.
Once we found out that the breach had happened, BCC-IT shut their connection to the BOC network by disabling their two connections into our network. We also performed the following over the weekend:
1. Notified our Security Operation Center (SOC) of the event and requested they put our network on high alert. This increased our alert activity through the day and our Cyber team has been responding to the events.
2. Notified CISA and gave the City of Pensacola their contact information.
3. Notified DHS and talked with them over the weekend.
4. Monitored Firewall and Antivirus logs
Today we met as a Leadership team and have performed the following:
1. Elevated our Antivirus policy to be more aggressive
2. Continued to monitor our Firewall and Antivirus logs
3. Continued to receive events from (SOC).
4. Shared information with City of Pensacola and the Sheriff’s office.
To provide greater protection to the County network we plan to implement the following changes:
1. Provide alerts on all emails coming from an external source.
2. Turn off the ability for employees to access their Personal Email and Social Media Accounts.
3. Upon login, users will have to click an OK to a Legal notice which will basically state they should have no expectation of privacy while using a county device.
4. Once logged in, a machine will automatically lock after 15 minutes of inactivity. We will have an exception group, but it will be limited to business-critical operations.
5. Limit the use of USB devices
6. Limit Administrative rights
7. Not allow users to write to their local C: Drive
8. Require users' home PC be up to date with Endpoint protection and the latest Windows Security patches before remoting into a county device
9. Implement a county Phishing Email campaign and Security Awareness training”
I understand the offensive guardrails, how about the fence post to deflect the risk to the citizens that are potential victims from this exposure so they can live in an environment of social responsibility to live their best going forward. Offense wins games, defense wins championships... a culture shift to complement. Thank you for what you do - just another perspective.
That's Awesome! Looks like they will be doing what they should have been doing all along, as that list is all standard things that any security team should have already been doing. Not knocking what you're passing along. Let's check that progress in the next six months.