RDOS got lucky with cyber attack in 2020, but more likely to come, say staff – Penticton News
A cyber attack in 2020 cost the Regional District of Okanagan Similkameen $15,000 in insurance deductables, and staff say the threat is only ramping up.
The RDOS’ network was compromised for weeks in late summer last year after an attempted ransomware attack in mid-August.
Information services manager Danny Francisco provided the RDOS board with the latest update at Thursday’s meeting, nearly a year after the attack, saying the RDOS got lucky that the ransomware attack actually backfired and crashed itself.
“The process that they went about to attack us fell apart in the process of trying to compromise these systems and actually deliver the ransomware attack through encryption of all of our systems, so that we would have to pay to get our data back, they ended up crashing the main system,” Francisco explained.
“When they crashed the main system, they basically kicked themselves out, so they weren’t able to complete their attack, they weren’t able to complete the encryption process.”
That said, while the RDOS was lucky this time that none of their cloud services and other connections were catastrophically compromised, Francisco said attacks like these are likely to become an increasing issue, and hackers will only get more sophisticated.
“These attacks develop over time, according to the forensic auditing company that was looking at this. They said, had we had this attack in February this year, it would have been much more aggressive. It has evolved since the August timeframe of 2020 and is much more potent and much more thorough, and likely would have not crashed as it did last year,” he explained.
He added that it’s difficult to find the origin of such attacks, as hackers hide their locations and jump activity through servers all around the world.
It took about three months for the RDOS to get basic services up and running again, and then five further months to deal with the recommendations from the forensic report and ensure there was no lingering code left from the attack ready for a later ransomware attempt.
Francisco said now is the time to be aware this is not a one-time threat. He says the RDOS needs to up its game when it comes to cyber security, and that might involve spending some money.
One option staff have been looking at is an artificial intelligence-type surveillance software.
“It’s not looking at viruses and things, it’s looking at how is the network being used. What kind of traffic’s going from one person to the next, what type of traffic. Is it going across devices, or is it coming from the server where is it coming from. These types of information become critical now to identify, is there a threat happening,” Francisco said.
The technology doesn’t come cheap; it can cost in the 10s of thousands of dollars. Francisco said it’s a hope that future RDOS budgets will include money for similar technology, and the staff to implement it.
“IT has become a utility, I’ve mentioned that before to the board. We have to think of it and treat it as such, it is one of our key resources now moving forward. Whether we like it or not, it is the way it’s become.”