Looking for your most vulnerable place on the network? For many, it’s the content management system (CMS), according to the Multi-State Information Sharing and Analysis Center.
CMS technology has been the top attack vector over the past two years, said Thomas Duffy, executive director for the MS-ISAC. Speaking about cybersecurity at the National Association of Technology Directors annual conference in Cincinnati this week, he said, “Systems like WordPress, Drupal — most of it is open source and has all sorts of plug-ins to add functionality, but you have to keep it patched and updated.”
MS-ISAC is a cybersecurity operations center for state, local, tribal and territorial governments and is funded by the Department of Homeland Security. Last year, the organization responded to 145 incidents.
uffy noted that MS-ISAC has seen an increase in hacktivist attacks, particularly against law enforcement groups over concerns about excessive force. And local governments are falling victim to ransomware.
“States identify and take systems offline and reimage them,” Duffy said, adding that he did see one state agency lose all files it saved within a 24-hour period. “Local governments don’t necessarily have the tech maturity level that a lot of state agencies do. They don’t have backups.”
To guard against attacks, he recommends that the public sector focus on cyberhygiene practices. “Know what systems you have, make sure they’re patched and examine them closely,” Duffy advised.
MS-ISAC research shows that some states take as many as five weeks to patch servers, which is much too long. Encouragingly, though, last month ISAC saw a few Adobe zero-day-attacks. “After two days, they went away, indicating that people were updating really quick,” Duffy said. And don’t forget to pay attention to website plug-ins.
“We all need to work together to be a safer team; to be a safer nation,” said Duffy. “ The challenges are enormous.”