Chief Information Officer Robert Benavidez said the new 11-page policy includes some elements that might have helped had they been in place prior to the Jan. 5 attack, including one requiring a multi-factor authentication process to access certain accounts. Even with a password, someone attempting to log in will need another code received via a separate device or application, such as a phone.
Benavidez said the county was already moving toward such a requirement prior to the attack but had not yet implemented it. Accounts "were definitely one of the mechanisms (the attackers) exploited" in the incident earlier this year, Benavidez said, though he said he was not able to provide more detail.
"A year ago I would've said it's a good idea," Benavidez said. "Today it's a necessity."
The county's new policy — which replaces existing internet use and email policies — also notes that " Bernalillo County systems are monitored by a 24×7 Security Operations Center," which Benavidez said is a new development. All network computers have sensors that will alert the SOC of suspicious activity to initiate necessary intervention, he said.
The Bernalillo County Commission unanimously approved the new policy Tuesday night.
The January ransomware attack had a dramatic impact on county operations. The county closed its Downtown headquarters for several days, temporarily locked down the Metropolitan Detention Center and was unable to process legal documents such as marriage licenses and real estate transactions.
But the county was able to recover without paying attackers a ransom, Benavidez said.
The county had insurance to cover up to $2 million in costs associated with such incidents. Its deductible is $250,000, and Bernalillo County is splitting the cost with the statewide New Mexico Counties organization.
© 2022 the Albuquerque Journal (Albuquerque, N.M.). Distributed by Tribune Content Agency, LLC.