(844) 627-8267
(844) 627-8267

Park Ridge Does Well In Hacking Tests, Will Still Get Updates | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Park Ridge City Hall

The information technology security company that Park Ridge hired to test its systems found that the city did a good job of protecting its digital infrastructure — but it still recommended some improvements.

Park Ridge hired Wheaton-based Guard Street partners back in February. The consultant spent the next three months on the systems and the security procedures. It tried to hack the systems to find potential vulnerabilities, and even had a person try to get access to the systems in person, which the city staff responded to quickly.  

Guard Street CEO Vince Mazza gave an overview of their findings during Monday’s (June 3) Park Ridge Administrative Services Committee of the Whole meeting. Because of the sensitive nature of the security data, he didn’t go into any details in public. Mazza said that Guard Street will do another test once all the improvements are put in place, and generally recommended that Park Ridge run tests every year. IT security, he said, is a fast-evolving field, and what is good practice now may not cover everything a few months later.

Mazza told the committee that Guard Street had “a team of ethical hackers and security engineers” do tests on two fronts — simulating a typical hacker attack and trying to get into the system more quietly. The purpose wasn’t just to see vulnerabilities, but to see how quickly Park Ridge could respond to a hacking incident and get back on its feet. Guard Street found that city had “a small attack service” — in other words, few opportunities to hack from the outside. But that didn’t mean there weren’t defenses that couldn’t be shored up.

“If we had more time to break in, we probably could have,” Mazza said.

The presentation mentioned five vulnerabilities that weren’t urgent, but which should be addressed further down the line.

The internal tests found eight “super-critical” issues that were addressed within two weeks, and 11 “critical” issues that should be addressed within 30 days. The presentation also mentioned 13 issues that should be addressed within 60 days and 21 issues that should be addressed within 90 days.  

Guard Street had an employee who tried to physically get into the staff systems by, among other things, dropping USB drives. Earlier reports to the city council indicated that the city staff wasn’t aware that the test was coming, though Park Ridge police were alerted ahead of time. The staff responded quickly and the city passed the test.

“Within minutes, calls were being made,” Mazza told the committee. “The communication was nothing short of impressive.”

Aside from system issues, Guard Street is working with Park Ridge on updating its policies. Mazza said they were generally sound, but some refresh was necessary.

He said that having regular security tests isn’t just a good practice, but will save Park Ridge money in the long run.

“As you do more at higher frequency, the costs will go down,” Mazza said.

Ald. Harmony Harrington (4th) wondered whether fixing security issues would require any extra funding. Leisa Niemotka, the city’s administrative services manager, said that some expenditures will go before the council for approval.

“You will start seeing things in budget over the next three years,” she said.

Support local news by subscribing to the Journal & Topics in print or online.


Click Here For The Original Story From This Source.


National Cyber Security