to go when you get started.
Okay. Check 1-2. You rolling?
Yep.
All right. So we have it for the camera. Could you introduce yourself with your name and
title?
Yep. I'm Zach Oster. I'm the chair of the Department of Computer Science at University
of Wisconsin, White Water.
So about cybersecurity, it seems to be a growing field. Tell me about it as a university program.
So here at UW-White Water, we have a number of different programs related to cybersecurity.
We have a cybersecurity major. We've got about 120 students studying that.
We also have cybersecurity programs in our information technology and supply chain department,
our College of Business and Economics. So we are a center of academic excellence in
cyber defense designated by the federal government. So we're active in outreach. In that area,
we've helped school districts. We've helped agribusinesses secure their systems.
Why is cybersecurity a growing field? Why is it so important these days?
It's so important because the number of cyber attacks just keeps growing. There are more
every year. They become easier to do every year with the advent of AI that makes cyber
attacks even easier to do without as much specialized knowledge. And there are more targets.
Okay. So tell me about the state of cybersecurity. How would you describe how secure we are?
Well, not secure enough. And no system is ever perfectly secure. That's impossible.
But there's a lot of places where there's trailing off into the distance.
Tell me about some areas. Tell me about some areas where we're most vulnerable. So a lot
of the areas where we're most vulnerable are places you might not expect. So local
governments tend to have vulnerabilities because they have small IT staffs. They maybe don't
have a lot of funding for cybersecurity. It's not a top priority. The top priority is serving
the people of the city or the county or the school district. But they have valuable information.
They have information about the police records. They have property records. All kinds of
vital records that are worth money on the open market. Or on the black market maybe.
Yeah. So what are the major concerns around cybersecurity? What kind of damage can be
done? So the amount of damage that can be done, it varies by the cyber attack. A lot
of cyber attacks these days are ransomware. I think I've seen a number that it's about
70% of all cyber attacks are ransomware. I'm not sure about that. But a lot of cyber attacks
tend to be ransomware. Where you have an attacker is able to get access to a system and crypt
all the data, lock other people out and basically send them a ransom note. A literal
ransom note saying pay me this amount of money in real money or more often in Bitcoin. And
you might get your data back. And if not, your data will just go away.
What are some generally some kind of the cyber attacks you mentioned ransomware? Tell us
what are the other attacks? So there's ransomware. There are there are phishing attacks which
can be linked to ransomware. You have, you know, somebody sends you an email pretending
to be someone else. There's often a link that you can click that goes to a page that looks
like a real website where they're asking you to change your password or entering your bank
account information, enter your social security number, any number of things. And it's not
the website you think it is. It's somebody else. If you enter the data, they've captured
those data and they can do whatever they want with them. Okay. Talked about it briefly,
but walk me through a ransomware attack from start to finish. How does that look? Yeah.
So with a ransomware attack, normally there's some some way that the attacker can get into
a system. Maybe it's an it's an open connection on the internet. Maybe it's a website that's
not fully secured. It could even be a building where someone's able to walk into the right
room and plug in a device in the right computer. So that regardless of how they do it, there's
the attacker finds a way into a system and that's easier to do than ever before. A lot
of that like scanning for vulnerabilities for ways into a system that can be done in
an automated way. It can be done using AI to simplify the process. Once they're in, they
find a way to they find a way to scramble the data to encrypt the data. They might also
pull off a copy for themselves before they do that because they can go sell those data
on the dark web. There are people willing to pay money for that data. And once they've
done whatever they want to do, they lock down the data or they lock down the system.
They lock down the network and they send a ransom note to whoever they think will have
the money to pay. And then what are the options from the victim's standpoint of about what
to do? So one option is pay the ransom. That's normally not encouraged, partly because we
don't want to incentivize people to do more ransomware attacks. If people think they can
make easy money from this, they're more likely to do it. But partly because if you pay the
ransom, there's no guarantee they'll actually give you access. They might have actually destroyed
everything behind the scenes and now they have your money and your data and you still
have nothing. So there's a chance you might not get what you pay for. Another option,
probably the best option is to contact your local law enforcement. That's something you
should do right away. So law enforcement has special cyber incident response teams.
There are several throughout the state of Wisconsin. A lot of them staffed by volunteers
with cyber experience. The federal government also has cyber incident response folks who
can help in some cases navigate the process. UW Whitewater also has a cyber security center
for business that can help with some of that outreach. If we can't do the work ourselves,
we can certainly refer people to those other resources to help them get help recovering
their data hopefully and certainly developing better practices to make themselves and their
organizations more resistant to cyber attacks in the future. Do you think it places should
be, is there hope for getting the data back and restoring things to where they used to
be? Are we talking about this specific? Not this specific in general, just yeah. When
there is a ransomware attack, is it possible to correct things? If you have, if you or
your organization has backups of your data, then yes, that's probably the best case scenario.
If you already have your data backed up, if you're updating those on a regular basis,
keeping them fresh, then you can just look at the ransomware note and say, well, we already
have a copy backed up, so no thanks. We won't pay. And then there is some recovery time.
You'll have to probably take the old system down, load those backups in, get everything
functioning. A lot of the times searching for data becomes challenging because you have
to rebuild those databases, the search systems, get everything re-indexed. But that's probably
the best case scenario is if you have those backups in place, then maybe you lose a day
or two of work, of data, of transactions. But you're able to recover what you had and
eventually get back up to speed pretty close to where you were before. So having backups
ahead of time is really the best protection against a ransomware attack or any other kind
of cyber attack. Who are the targets of cyber attacks? Increasingly anyone is the target
of a cyber attack. Government agencies tend to be more attractive targets because they
have those data that might be confidential, they might be protected, they have a lot of
personal information about us. Large companies are also attractive targets to cyber attackers
for the same reason. Lots of data that are not publicly available that can be valuable
to other people. But even individual people like you and me are potential victims of cyber
attacks. So we get phishing emails. I personally get phishing emails multiple times a week
sometimes as a professor in computer science. Okay. You mentioned this but are smaller government
entities or agencies or smaller communities more vulnerable attack? More vulnerable victim
for cyber attacks? So smaller government agencies, local governments can be more vulnerable
victims and often that's because they just don't have as many resources to devote to
cyber security specifically. If you're the federal government, if you're a state government,
you probably have enough resources to have dedicated cyber security specialists working
for you. If you're a local government, especially in a smaller locality, a smaller city or county
or school district, you're less likely to have people who can just dedicate their time to
monitoring for cyber attacks and intrusions and data breaches. Okay. Is there something
about their computer systems that maybe also make them more vulnerable? So in a lot of cases,
smaller governments might have older computer systems. They might not be fully patched in some
cases. Again, that's a resource limitation in some cases. Maybe they can't afford the latest
and greatest or they or they don't have people to make sure that all the systems are patched.
They're getting the latest security updates. They're protected as well as we would maybe want
them to be. Okay. How disruptive can these attacks really be? They can be very disruptive. They can
take an entire county government or an entire city government or organization down for multiple
days or part of an organization. Then what happens after the attack? You mentioned they
have to rebuild the system. Is that easy? What happens after? So rebuilding a system,
it's a lot easier if you have a backup. If you don't have backups, it becomes much more difficult
because now you're looking at possibly reconstructing data from other sources.
Maybe old paper copies if you have them. But even if you do have good backups, it does take time.
So initially when you're responding to a cyber attack, the first things you're doing are
figuring out what the damage is, how far did the attackers get into the system, what did they
possibly take. And then you're also doing public notifications. You're basically telling the
public as much as you can at the time, making sure you're not getting false information.
So there's often limits to how much the public knows after a cyber attack. Sometimes it's because
the investigation is still ongoing. They don't know how much damage is spent on.
Sometimes it's maybe there's a criminal investigation going and law enforcement doesn't want to tip
off the attackers. So there can be any number of reasons why not much information is shared early
on. Is there insurance against cyber attacks? There is cyber insurance. And increasingly,
it's very much recommended that businesses have cyber insurance and all kinds of organizations
have cyber insurance. That's something people can talk to their insurance agents about.
Even a lot of personal insurance policies have coverage for cyber attacks. So as individuals,
it's worth checking whether you're home or your auto insurance includes coverage for cyber attacks.
I know personally, I have cyber insurance on my auto insurance coverage. So it's definitely
worth it for people to talk to their insurance agents. There are private companies that sell
additional cyber insurance. You've probably seen advertisements for some of them. And that can
be a good choice too, depending on individual people's risk profiles, what they feel they need
to protect themselves, or it may not be necessary. So I'd encourage people to talk to their insurance
agents. And sometimes they can give tips on ways to be more cyber prepared too. How would that
work if a government entity wanted cyber insurance? How would that help protect them or help them
after an attack? So of course, with insurance, part of what you're covering is the costs of
recovery. That if you have cyber insurance, you can make a claim to the insurance company to pay
back some of, for example, the overtime that you're paying IT people and communications people to
respond to an incident like this. But another thing that can give you is access to experts.
So cyber insurance companies will sometimes have their own experts that can help you do
some of the investigation. And they can also help you put you in touch with law enforcement folks
who have more resources to do cyber forensic investigations. Some numbers from the State
Department of Justice is showing that there are more cyber attacks being reported here in the
state. Do you know why we're seeing an increase in cyber attacks? In some ways, cyber attacks are
getting easier. I think that's a big reason, especially with AI attackers are using AI too.
And it means they can spread more attacks more widely. And basically, they just have to get lucky
once and they're into a system and they can start doing damage. Sure, sure. Should victims
consider paying the ransom? I wouldn't recommend that victims consider paying the ransom.
There was the recent and still ongoing case in Iowa County where they received a ransomware
cyber attack. Can you tell me what you think of that attack and then what's happening there?
Well, it's, first, it's unfortunate that it happened. But it looks like it's they had backups
for everything. So one thing about registers of deeds offices, they keep good records. It's
their job. And so it looks like they've been able to reconstruct the records from what they had,
even if that has been a time consuming process. They've slowly been able to get things back
online and they're continuing that process. And that's, I'm sure they're all putting in a lot of
extra hours. Yeah. Yeah. So where do you see this all going in the future? Cyber security,
ransomware and cyber attacks? What do you, what do you see happening down the line?
Well, it's going to continue being a problem. So cyber security in general, it's always an
arms race. So attackers get better at their jobs, cyber defenders get better at finding those attacks
and then attackers find new ways into systems. So it's a little bit of a game of cat and mouse.
But there will definitely still be cyber attacks and still be a need for people to be
aware of good practices in their own lives for cyber hygiene. Sure. In hindsight, after an attack,
what should agencies or individuals even have done? Like immediately after an attack? Yeah. I mean,
if, if we had a magical time machine, if somebody got attacked, what should they have done to prevent
an attack? Oh, to prevent it before. Yeah. So one really good way of preventing an attack.
I'll say it again. Yeah.
One of the best ways to prevent yourself from being attacked or your organization is just
be careful before you click. Think before you click. We all get a lot of emails. We,
we work quickly. We think fast. And sometimes if we're just not quite careful making sure that
email is from the people we think it's from, we can click the wrong link and end up giving our
information to someone who shouldn't have it. And that can be the way in that they need.
Okay. Anything else on this topic that I haven't asked about that's important?
Why did I check right now? Go ahead. Yeah. Is there anything you're thinking of?
Sorry. Anything you're thinking of? Okay.
Let me meet that. I forgot to meet that.
Okay.
Oh, that's something I probably could talk about incident response planning.
Like planning for something to happen. Yeah. Okay.
Okay. Good. So how should an organization or an agency, a government agency plan for a cyber
attack? So there are steps that you can follow to plan for a cyber attack. First,
assume that you will get attacked eventually. So no system can ever be perfectly secure.
No organization can ever be perfectly secure. Essentially the attackers just have to be lucky
one time. So it's important to have plans in place. Think about when the attack happens,
who are you going to call? Are you going to call law enforcement? Are you going to call
your cyber insurance provider if you have them? Think about the messages that you're going to put
out to the public if you're an organization, to your friends and family, if you're a person.
So probably the first and most important step is know who you're going to call when there is
an attack. Okay. Are there ways that systems can be tested prior to an attack? Is there
something like penetration testing? Is that a thing? Yeah. So there are companies that will do
penetration testing. There are other organizations that will do it as well. I'll start that again.
Sure. Sure.
Okay. You can hire people to do penetration testing. It's essentially ethical hacking.
You're giving them permission to try to get into your systems, your databases,
and see what they can find, see how they can get in. That can include simulated phishing attacks.
So I know here at UW Whitewater, we have those. Our IT folks will send out
phishing emails that they craft. And if people click the link, it goes to a training page that
says you collect a phishing link. Here's how to avoid that in the future. So training your
people is a really good way to prevent cyber attacks. And that can be a good way to do it.
Those penetration testers, they'll give you a report afterward. They'll describe to you how
they got in step by step to help you close those gaps. Okay. Anything else?
Like we covered a lot of ground. Okay. You want to do a little room tone?
Sure. Okay. We'll just sit here quietly for a few seconds.