Updated on 2022-11-15
Suffolk police inadvertently published on its website the names, addresses, and dates of birth of individuals, along with the alleged sexual offenses committed against them. Read more: Suffolk police publish victims information in mass data breach
Updated on 2022-11-11: Not a cyber-attack
Officials from Suffolk County in the state of New York dismissed rumors of a cyber-attack on their infrastructure on Tuesday, election night, after some election workers had to collect voting tallies on memory cards and drive to a central office to upload the results to state computer servers. Officials said this happened because “electronic security measures put in place to protect elections systems from cyber attacks had overtaxed and slowed an older operating system,” which initially made election authorities believe they were the victims of a cyber-attack. Read more: After cyber attack, NY county is extra careful with big vote
Updated on 2022-11-10
A ransomware attack on the Commack School District in Suffolk County knocked the district’s main telephone number offline. However, its website and social media sites are functional. Read more: Commack School District faces ransomware attack, superintendent says
Overview: Ransomware Hits Suffolk County, NY, Government Systems
Suffolk County, New York, which encompasses the eastern part of Long Island, has asked the New York Police Department (NYPD) for help after its government systems, including 911 emergency services, were taken down following a September 8 ransomware attack. The incident is also disrupting real estate deals, as the title reporting system is affected.
Note
- Suffolk County staff are using pen and paper to handle emergency calls. Reverting to manual means is not uncommon with ransomware attacks, but be sure to understand how long that is viable. In this case they are reaching out to the NYPD for coverage until they are back online. While not viable in all scenarios, make sure this approach is included in your disaster plan preparation processes.
- Events like this are reminders that our DR/BCP programs must be up to date and tested, but there’s a deeper issue. Organizations mistakenly focus all of their resources on preventing compromises through known vectors. It’s easy to understand why; this is a problem it’s easy to create a product for. Unfortunately, it leads to a false sense of security since it prevents organizations from developing truly effective detection capabilities. Without the capacity for effective detection of unknown threats, we will always be caught flat-footed trying to recover after the damage is extensive.
- For the rest of us, the lesson is that in the event of a breach, we may have to pay for outside assistance. The cost of such assistance must be included in the consequence component of the calculation of risk.