Attempted cyberattacks against the North Dakota state government grew by nearly 300% last year, according to Shawn Riley, the state’s chief information officer and head of the information technology department.
That number equates to more than 15 million cyberattacks a month, up from 5 million a month in 2018.
But North Dakota isn’t alone, Riley noted.
“That’s part of a world trend,” he said. “We’re trending a little higher than certain organizations, but, yeah, pretty substantial increases overall.”
Comprehensive numbers are still being compiled for 2019, but in 2018, there were more than 300 million comprehensive attacks. Riley said his agency expects that number to be “considerably higher” for 2019.
But why the substantial increase? Riley said it’s due, in part, to expansion of technology in people’s everyday lives.
“We have everything from smart watches to smart toothbrushes all over the world,” Riley said. “It just creates a much bigger attack surface for systems to go after.”
Riley said attackers are getting smarter and the attackers’ tools, driven by artificial intelligence, are becoming easier to use.
“In today's world, it kind of looks like Robocop versus Terminator,” he said, making a movie reference. “There's a lot of machine versus machine, machine attacker and machine defender. And it's kind of really skyrocketed the volumes worldwide because of those types of attacks.”
As tensions between the United States and Iran decrease slightly from the beginning of the year, the New York Times reported last week that cybersecurity experts and government officials are already monitoring an increase of malicious activity by pro-Iranian hackers. But while the threat of cyberattacks from Iran exists, cyberattacks are always on the horizon, no matter where they’re from, according to Darin King, vice chancellor for IT/chief information officer of the North Dakota University System.
Earlier this month, the North Dakota University system sent a message to students, staff and faculty reminding them about the issues that can arise with suspicious emails or phone calls. King said risk reduction is key when it comes to cybersecurity issues. Agencies want to reduce their risk for cybersecurity breaches and institutions have put in place measures to reduce that risk.
“We've implemented over the last four or five years a number of different security measures that will help us do a better job of protecting, detecting and responding when we have issues,” King said. “It really comes down to defense in depth ... which really means having multiple layers of security controls in place. That’s what we’ve been doing and are continuing to try and do.”
To help protect the state from a breach, the state’s cybersecurity team has been increased by 80%. Thanks to legislation passed last year, the state has also been able to nearly quadruple the capacity of its cybersecurity tools, Riley said. The state’s cyber agency also has expanded authority to help other organizations across the state, including higher education, K-12 education, counties and cities.
Riley thanked the Legislature for its help to continue to build cybersecurity protections in the state.
The agency is going through a survey assessment with organizations to allow ITD to better understand the state of cybersecurity across more than 500 entities. Once the survey is finished, the findings will be put into a comprehensive report that will be given to the Legislature.
Riley said people should be “very vigilant” with what gets sent to them, whether that’s emails, text messages or a variety of other avenues. There has been a large increase in text messages going to people that contain irrelevant information and/or links that can be used to lure people’s personal information.
“Any system can be used to be able to try and exploit your data,” Riley said.