LA's cyber strategy: savvier employees, secure IoT
- By Matt Leonard
- Oct 19, 2018
Los Angeles is reducing its attack surface by training employees and securing connected devices.
Mistakes by employees are one of the most common ways malicious actors get into networks, enabling 17 percent of breaches, according to Verizon’s 2018 Data Breach Investigations report. But clicking malicious links is just one blunder employees make; others include "failing to shred confidential information, sending an email to the wrong person or misconfiguring web servers,” Verizon’s report said. “While none of these were deliberately ill-intentioned, they could all still prove costly.”
To shrink the attack surface, Jacob M. Finn, a policy manager for cybersecurity in the office of LA Mayor Eric Garcetti, said the city is taking steps to educate its workers.
“We have made that a No. 1 priority,” Finn said at an Oct. 17 event hosted by the National Governors Association and New America's Cybersecurity Initiative.
LA requires training for its workers, and it educates both employees and the wider community about browsing and email security as well as endpoint protection. It also takes part in awareness campaigns like the National Cybersecurity Awareness month, Finn said.
Karen Jackson, Virginia’s former secretary of technology, agreed with the human element of the cyber issue.
“At the core of every attack, there is generally somebody who thought there was truly a prince from somewhere that was going to give them money,” Jackson said at the same event. “No matter how much training we give them, they continue to go back on that path.”
Verizon's report also cited this phenomenon: “Incredibly, the more phishing emails someone has clicked, the more likely they are to do so again.”
Ransomware and denial-of-service attacks are “starting to be something that we have seen and can start to get our heads around,” Jackson said, but she added that physical security needs more attention.
As LA prepares for a smart-city future, it is focusing on the security of small cell technology and connected devices, Finn said. “Anything that even remotely touches on the internet needs to be secure,” he said.
“A lot of these devices that are going to be involved in smart cities are durable goods, they’re not IT purchases,” Jackson said. “And so really have to start paying attention to how those devices are secured.”
Matt Leonard is a former reporter for GCN.