New Hampshire Chief Information Security Officer Cybersecurity Insights 2024

New Hampshire Chief Information Security Officer CYBERSECURITY DISCUSSION KEN WEEKS CHIEF INFORMATION SECURITY OFFICER OCTOBER 23, 2024 1

LETS TALK ABOUT THIS STUFF Ripped from the NH Public Sector Headlines! What's Next for Cybersecurity Program Enhancements? Whole of State Cybersecurity Program Update. What are YOUR ideas? Let us know, you don t want to rely on us for all the good ideas. "Clickers are clicking, Phishers are phishing, and Grifters are Grifting. You need to Invest in your 'Human Firewall' now!" - Ken Weeks, Every time he opens his mouth. 2

RIPPED FROM THE NH CYBERCRIME HEADLINES! Some of my favorites...but there are more in the following graphics! January: Business Email Compromise! Teacher's email compromised and a linked PDF was sent to 1100 students. 76 Students Opened and clicked, and 25 provided information. May: A City Attorney's email credentials were compromised with a Phishing email. A Town Administrator had his credentials compromised by a credential scraper. A Police Chief email account was compromised with a Phishing email. June: Business email compromise. Town employee email account compromised and resulted in $10K of fraudulent ACH transfers. August: Living off the land attack and Ransomware! All access to VMWare hypervisor lost. Primary domain controller wiped. Local NAS for primary backups was wiped and reset. Burned to the Ground. "Even the most sophisticated malicious actors are not 'hacking into' our systems here in NH, they are 'Logging in.'" - Ken Weeks, Every time he opens his mouth. 3

PUBLIC SECTOR INCIDENTS RESULTING IN PRIMEX CLAIM: JAN AUG 2024 11 ACH / Check Fraud 20 Phishing/Credential Harvest Ransomware Business Email Compromise 5 27 4

INCIDENTS BY MONTH AND INCIDENT RESPONSE COSTS 12 160,000.00 140,000.00 $472,878 10 120,000.00 8 100,000.00 6 80,000.00 60,000.00 4 40,000.00 2 20,000.00 0 0.00 JAN FEB MAR APR MAY JUN JUL AUG 5 Reported Incidents Remediation Cost

WHAT'S NEXT FOR STATE CYBERSECURITY ENHANCEMENTS? We are solid with our CROWDSTRIKE Services through July of 2028. (Endpoint/Server, Identity Protect, and Mobile) All branches of State Government to .GOV domains! At the Last meeting, I mentioned a massive Cybersecurity Request for Information (RFI) What s out there in Industry we should consider? The Answer? Secure Service Edge. What are the benefits of SSE? Stronger, consistent cloud-based security that extends protection across Agency HQ and out to branch offices and remote & mobile users. Secures Cloud Services! Scalability to adapt to the State s shifting needs, such as adoption of new cloud services and growth or movement of the workforce and users around the State. Users connect to applications vice the network. Helps prevent lateral movement of bad actors. 6 When the CS suite and SSE are fully implemented, we will have something we can REALLY call layered security.

WE CREATED A PUBLIC-PRIVATE PARTNERSHIP TO ACHIEVE WHOLE OF STATE CYBERSECURITY IMPROVEMENTS NH Department of Information Technology (DoIT) NH Department of Environmental Services (DES) NH Department of Safety (DOS) NH Public Risk Management Exchange (PRIMEX) New Hampshire Municipal Association (NHMA) The Overwatch Foundation The Atom Group 7

WHAT'S NEXT FOR WHOLE OF STATE CYBERSECURITY ENHANCEMENTS? Municipal Cyber Defense Program (MCDP) is funded and growing! SLCGP for FFY2024 (To learn about past years, go HERE.) CROWDSTRIKE for ALL Public K12 High Value Targets STOP RANSOMWARE! Water and Wastewater Cybersecurity Improvements. Our STATE AGENCY-PRIMEX-ATOM-OVERWATCH-NHMA-CISA Public-Private Partnership effort is producing outcomes envied by about 48 other States and Territories! Ask the State CIO if you don t believe me. Those other two states are New Jersey and Texas they are doing pretty good as well. 8 "Clickers are clicking, Phishers are phishing, and Grifters are Grifting. You need to Invest in your 'Human Firewall' now!" - Ken Weeks, Every time he opens his mouth.