ATOM Expands to Fight Cybercrime in NH.
Originally Posted on Seacoast Online
PORTSMOUTH -- The Durham Police Department. The Sunapee School District. The Town of Salem.
What these three entities have in common, besides being public agencies within the Granite State, is that each was attacked by ransomware, an online crime where data is essentially kidnapped and held hostage until a ransom is paid. Don’t pay the ransom and the data is destroyed or otherwise compromised.
According to watchdog agencies, there were a total of 304 million ransomware attacks worldwide in 2020. This was a 62 percent increase from a year prior, and the second highest figure since 2014 with the highest on record being 638 million attacks in 2016.
Attacks like these gained notoriety this year because they affected the food chain (in the attack on JBS, the world’s largest meat packer) and the utility infrastructure (in the attack on the Colonial Pipeline).
A Portsmouth company - The ATOM Group (https://www.theatomgroup.com/) is doing what it can to help fight off these attacks by creating a new office dedicated to helping local and federal law enforcement agencies, state government, community mental health and outreach organizations, as well as not-for-profits serving New Hampshire reduce their exposure to attack from ransomware and other malware.
The new office will be located in Concord, in the same Donovan Street building as the New Hampshire Public Risk Management Exchange, an insurance pool for public and private groups and agencies also known as Primex.
“The creation of the Concord office will enable ATOM to expand its cybersecurity incident response teams and provide a platform to serve and collaborate with New Hampshire public entities, law enforcement, and not-for-profits by providing services including training, collaboration, advanced cybersecurity capabilities, and forensic software at zero or substantially reduced cost to the organizations that serve our citizens every day,” said Jason Sgro, ATOM’s senior partner.
Sgro sees it as a people issue, more than a technology issue.
“Ransomware and cybersecurity issues are not really going to be solved by software, they're going to be solved by people. There's no silver bullet for this,” said Sgro.
Human behavior can trigger a cyber attack, so people have to be educated about the risks when it comes to their online behavior.
Again, according to the watchdogs, 54 percent of infections come from someone clicking on a spam or phishing email.
“They’re not trained and they get tricked into performing an action that results in a ransomware attack,” said Sgro.
ATOM is creating the office in partnership with Primex to help its clients with their online security. It will be known as the Office for Public-Private Cooperation in Cybersecurity.
“We've leased the space from them; it's a natural expansion of our footprint,” said Sgro. “The office is really divided into two sections. Part of it is just ATOM’s business expansion and needing more places for people to sit. And then there's a couple of offices and a large conference room, which are going to be dedicated to the private-public cooperation and cybersecurity.”
It has an area for training, according to Sgro, and it will serve as an incident response center in the event of a cyber attack.
Sgro will split his time between the new office in Concord and ATOM’s current quarters in the West End on Jewell Court. Four staffers will initially work in the Concord location; about 20 people work in Portsmouth.
Ransomware comes in a variety of forms, according to Sgro, and it can affect data stored not only locally on a hard drive, but also in the cloud on a remote server.
One attack is to destroy the data, then restore it only after the ransom is paid. Another is to kidnap the data and expose it if a ransom is not paid. Another is to change the data (such as change the information in medical records) and not change it back until the ransom is paid.
Sgro describes the bad guys as “threat actors.” He’s seeing cases where threat actors will contact cloud services, pretending to be the victims of ransomware, in order to gain access to data that they then hold hostage if let in.
“I don't think New Hampshire is different in terms of our cybersecurity readiness from anywhere else. I think everyone's being caught off guard by this. It's part of why we're choosing to invest in people” said Sgro.
Fortifying a network against attacks can be expensive.
“You can look at hardware and software and all of these expensive things, and those are great if you can afford them,” he said. “But if you can't, focus on people, because we can train people for relatively low expense. We can prepare them for emergency response the same way we prepare our other emergency responders for relatively low expense.”
“Ransomware attacks rely on tricking somebody in the beginning,” he added. “So, if we have less people getting tricked, that's not a really expensive thing to do.”
U.S. Sen. Maggie Hassan, D-NH, chairs the Senate Homeland Security and Governmental Affairs subcommittee on emerging threats and spending oversight, and she’s had her eye on ransomware as an emerging threat.
A recent subcommittee hearing included the testimony of Russell Holden, superintendent of the Sunapee School District that was the victim of an attack in 2019. The district’s data was seized and held for ransom. The district eventually was able to resume its operations without paying ransom, Holden told the subcommittee, but the recovery took nine days and cost more than $40,000 in fees, materials and hardware.
“More investment is needed at all levels of government to strengthen cyber defenses,” Hassan said.
Sgro said he believes the ransomware attacks will become more frequent and will evolve in an attempt to get around network defenses.
“This is just the beginning,” he said. “We’re standing on the shore, the tide is coming in, and we have a broom. That’s not going to work. It’s part of the catalyst for public-private cooperation, because none of us have the ability to take on this threat alone. We have to team up and pool our resources.”