7/24/2013 6:21:00 PM Keeping the city safe from online attacks
By Stan Anderton City of Othello
Security continues to be a leading topic of those involved with information systems and for good reason. Government organizations are being attacked daily. While hacking and virus attacks have been around since computers came into existence, the scope of the attacks and the ground rules have changed. We still have young hackers trying to prove how smart they are by finding their way past the defenses we put in place, but numerically, their attacks are now dwarfed by the attacks that come from organized crime. It is all about power and money. While the attacks of the past were focused on wreaking havoc, most of the more recent attacks have been focused on monetary gain or crippling our vital infrastructure, notably our water, power, transportation and financial systems. So, you may ask, what does all of this have to do with the City of Othello? In recent months, we have witnessed an increasing intensity in the number and sophistication of these attacks. The current most effective strategy focuses more on the human factor than on the integrity of the network itself using what we call phishing attacks. Simply put, phishing is impersonating someone we deem to be trustworthy to try to acquire your information, either overtly or covertly. For example, a phisher may send out emails pretending to be from your bank, FedEx, UPS, Facebook or somewhere you may do business online. Often, they will say that your password has been compromised and needs to be changed or that you have made a recent purchase, which of course you have not. The goal is to get you to click on their link or open an attached document. The link may take you to a web page that will ask you for your personal information that will be used for identity theft, drain your bank account or gain access to your credit accounts. Others will launch hidden programs that will record every keystroke you make to gain the sensitive information, usually undetected so you think the link was harmless. This is what happened to many companies, large and small, and to state and local governments, even right here in Washington. One city approximately the same size as Othello was victim to one such attack and lost hundreds of thousands of dollars. A worker had clicked on a link as described above and was infected with a 'key logger,' which recorded login information, account numbers, passwords and PIN numbers used to transfer funds and other banking operations. Before the problem was discovered, their system was compromised. They lost substantial money and the trust of their citizens. Learning from the event, we responded quickly to put additional controls in place to prevent us from being victimized. In addition to our firewalls and software solutions, the IT department worked with security specialists to design a system that makes it next to impossible to intercept our vital information, keeping your tax dollars safe to be used for your benefit. Most of what information systems professionals do is behind the scenes, but rest assured, we are diligently working for you. Let me offer a personal tip: Look closely at each email before you open it. If you don't personally know and trust the sender, be wary. Do you really want to take the risk of a virus or identity theft? Most successful attacks come from a user clicking on a link or opening an attachment. Immediately following each prominent news story, a flurry of infected emails are sent out to get you to look at the video or read the latest gossip. The risk of your systems being compromised is rarely worth the perceived reward. Select your news sources wisely and always be wary of "free." Beware and be careful.