By: Michael Campbell | Twitter: @itsthesoup
Posted: Sept 30, 2017 | 12:09 p.m.
PRINCE GEORGE – It’s a hard task to turn on the news or log onto various websites without hearing news of data breaches and other large network intrusions that place consumer data at risk of being compromised.
While the conversation of computer network and cybersecurity is being had by Fortune 500 companies along with state and Federal entities, the topic is not lost on local municipalities including Prince George as their information technology director briefed supervisors on the need to look at what the county is currently using to prevent malicious attacks and data breaches as threats become increasingly sophisticated.
During a presentation by Prince George County Information Technology Director Kirsten Cherry, she explained that the county does have active firewalls and virus protection software, but it may be time to look at a different provider for malware, or virus, protection.
According to Cherry, the county currently uses well-known cybersecurity service Kaspersky Lab, who touts itself as having its products awarded “55 firsts and achieved 70 top-three finishes” in nearly 80 independent tests and reviews while serving “over 400 million users” and “270,000 corporate clients.”
One of the main reasons Cherry said the county should consider changing providers is due in part to the fact that, with the current software through Kaspersky Lab, they are unable to provide protection on the public safety servers or the emergency communications center dispatcher consoles due to the nature of anti-virus software to require a significant amount of processing power that could result in reduced performance of a given computer, such as an ECC dispatcher console, during the worst times, like at a time of higher call volumes.
“The company that provides our software suggested that we not run it on there,” she said. “We tried several things to try and get it to work and we just couldn’t. It does leave us a bit exposed more on the console side where the dispatchers are using the computers to access the internet and email.”
She did confirm that the county did have “one instance of ransomware,” which is malicious software that can encrypt files on a computer and hold them ransom by forcing the user to pay money to regain access to their files, but, Cherry stressed, “it was minor and didn’t cause a lot of damage.”
In addition, just last month, Cherry noted that there was a computer virus that wasn’t detected by the county’s antivirus agents because it acted like an antivirus program itself, cloaking itself from Kaspersky Lab’s cybersecurity software.
“In the future, to protect our data, we need to get a proactive endpoint security program or next-generation antivirus,” she explained.
According to Cherry, proactive software “looks for data trends or things that seem to be going wrong on your computer to try to isolate it before something happens,” as opposed to reactive software, which “just finds out when there is an infection and tries to remove it.”
With proactive software, Cherry said it would see that irregular data that could be the hallmarks of malicious software, isolate the machine, and disconnect it from the network to prevent the software from penetrating into the county’s network and creating serious problems and compromising security.
An advantage of the proactive software being considered by Cherry and her staff is that the antivirus software itself would not require as much processing power, which could allow key parts of the county’s network to have malware and virus protection software installed on them, such as the public safety servers and ECC dispatcher consoles. In addition, Cherry said the newer software would allow for tracking of computers that are not on their network, such as those that are at county fire stations, which isn’t possible right now.
While presenting the advantages to the proactive software, Cherry noted that the cost will vary, but will be more expensive than what is currently in place.
According to county records, when the county was due to renew, Cherry purchased a three-year license at a cost of $4,200. That license is slated to expire sometime in October.
The costs of a one- and three-year subscription to the two proactive programs suggested by Cherry through her research, Carbon Black CB Defense and Sophos, start at over $11,000. In data presented by Cherry, a one-year subscription to Carbon Black CB Defense was $11,979 while a three-year subscription was listed at $30,543. For Sophos, a one-year subscription was estimated to cost $11,448 while a three-year subscription would cost $20,474.50.
“This would be more expensive than virus scan software in the past,” she said. “It just seems like the more people try to mess around and get into your data, the more it is going to cost to protect yourself, but one ransomware attack can be very costly, as you have seen in the news.”
In January, The Washington Post reported that the leaders of the Los Angeles Community College District opted to pay a $28,000 ransom to hackers following a cyber attack in December that caused significant technological issues at the Los Angeles Valley College.
“It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost,” Francisco C. Rodriguez, the district’s chancellor, said in a statement to The Washington Post.
In addition, a ransomware attack centered around malicious software named WannaCry affected hundreds of millions of computers around the world, hitting Europe exceptionally hard, with England’s National Health Service or NHS being forced to turn away patients after their computer files were affected, forcing users to pay a ransom fee to get their data back.
For Cherry, she stressed that she wouldn’t to commit to a multi-year subscription to any service, noting the ever-changing world of malicious software and efforts to stop it.
“It used to be cut and dry, but with the ransomware attacks increasing and becoming larger through more sophisticated attacks, I wouldn’t do a three-year subscription as they are constantly updating their software to prevent attacks,” she said to supervisors.
She added that she is looking at her budget to see if it is possible to make a subscription to either Carbon Black CB Defense or Sophos work financially, but she said if she isn’t able to, she would be returning to the board to request funds for the needed software.
“I don’t think we have any other choice here,” Chairman Bill Robertson said following Cherry’s detailed presentation, harkening back to the recent data breach at consumer reporting agency Equifax where over 143 million Equifax customers had their data compromised.
“Everything we do here deals with computers, taxes, assessments, and other records, so we need to move forward and do what’s necessary and, if it can’t be done in your budget, we will need to come back and look at it because this is an important operational expense,” the chairman closed.