How Inexperienced, Unqualified IT Employees Made a $3Million Mistake

Cyber Attacks Increased awareness can lead to over reaction

A recent article in the Washington Post documented the results of a rather low level attack on the systems of the Economic Development Administration which resulted in an over the top response.  The result was a $3 million dollar investment to clean up an issue that could have been addressed with standard anti-virus tools.

How did something like this happen? 

Paranoia is a big part but there were fundamental flaws in the communication process, structure of the IT group and structure of the systems themselves.  Unfortunately this issue is not confined to the Economic Development Administration.  Silo’s of information and responsibility,   inexperienced, unqualified IT employees and a poor system for communication are far more common place then we would hope to see.  These structural flaws lead to poor decision making across the board and particularly in a “crisis” scenario.

How does an organization combat these issues?

    1. Gather an accurate assessment of the team responsible for monitoring and managing the networks.  Do they have the necessary skills sets and systems in place to prevent widespread issues?
    2. Determine the communication and decision making protocols as they relate to IT systems.  Far too often the issue starts with poor decision making on the front end.  Decision makers and the people supporting them are not in a position to assess key systems and often rely on the knowledge of a single person or small group to make those decisions.  This leads to disjointed IT systems and unclear or undefined responsibilities.
    3. Test the process and systems.  From a technology standpoint are the critical systems patched and up to date.  Are security devices and anti-virus solutions in place and actively managed.  Are the communication policies documented and updated as personnel change.

These steps can go a long way in helping to ensure your organization does not end up in the situation the Economic Development Administration did.