The state Auditor’s Office revealed Monday that professional hackers breached security defenses of state agencies several times earlier this year and put loads of sensitive data potentially at risk.
Fortunately, Auditor Troy Kelley ordered the cyber attacks and taxpayers financed them. And, most importantly nothing was lost.
It was all done as part of a $1.1 million performance audit of the state’s information technology (IT) security system. The audit focused on how well five state agencies secured data, protected their respective network, controlled access to the data and managed operations.
Auditors found 347 instances where agencies were not in full compliance with current state security standards; the majority involved a lack of documentation.
However, IOActive, a Seattle firm hired to test the security of applications and the vulnerability to cyber attack, found “weaknesses at all five agencies,” according to the report.
Auditors recorded 46 issues, seven of which auditors deemed a “critical” risk described as carrying the potential of “extreme impact to entire entity and almost certain to be exploited.”
Another 12 were found to be of “high” risk, meaning they could be exploited by an attacker with minimal skills and 11 others considered to be of “medium” risk in which an “expert attacker could exploit with minimal difficulty.
The audit did not identify the agencies nor did the findings detail where the weaknesses were detected out of concern that hackers could use the information to attack the state.
All of the agencies have either fixed, or are working to working to fix the issues, according to the audit.
Recommendations include requiring the agencies to cure the weaknesses exposed during the audit. It also suggests the state’s chief information officer revise the state’s security standards to align more closely with national standards .
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.