[BreachExchange] Atlanta was warned about vulnerabilities months before cyberattack, audit shows

Destry Winant destry at riskbasedsecurity.com
Thu Mar 29 00:01:25 EDT 2018 

https://www.cbsnews.com/news/atlanta-warned-cyber-vulnerabilities-audit-shows/

ATLANTA -- Atlanta was warned months before a recent cyberattack that
its IT systems could easily come under attack if they weren't fixed
immediately, an internal audit obtained by the CBS affiliate WGCL-TV
shows. In the 41-page audit, which was presented to city leaders last
summer, the city was told that its IT department was on life support
and that were no formal processes to manage risk, WGCL-TV reports.

The document states, "the large number of severe and critical
vulnerabilities identified has existed for so long the organizations
responsible have essentially become complacent and no longer take
action."

The audit also said "departments tasked with dealing with the
thousands of vulnerabilities ... do not have enough time or tools to
properly analyze and treat the systems."

"This situation represents a significant level of preventable risk
exposure to the city," the audit said.

The city auditor said a department typically responds with a plan of
action within weeks, but it took the city's IT department months to
respond.

"One of the audit findings was: they need more resources," City
Auditor Amanda Noble said.

"The people that are working in the department now, and have been
working very hard, are just busy putting out fires," she said.

Noble said the city had been implementing security features when the
cyberattack unfolded last week.

"There were some vulnerabilities that had been identified for a while
in the previous administration, definitely, that they were still
working to fix," Noble said.

She also said threats increased tremendously over the last year, and
that those threats are fluid and often hard to keep up with.

Officials were still trying to recover this week, days after the
ransomware attack crippled the city's computer network and blocked
access to electronic records. Investigators including the Federal
Bureau of Investigation are working to figure out the identity of the
culprits, who demanded the equivalent of about $51,000 in bitcoin to
unlock the shuttered systems.

The use of ransomware, which lets hackers seize control of computers
belonging to individuals, businesses and local governments, has been
on the rise in recent years.

More information about the BreachExchange mailing list