Experts: Hackers will continue to infiltrate Illinois' state agencies

SPRINGFIELD, Ill. (WICS/WRSP) — It's been a busy year for domestic and foreign data hackers, and now cybersecurity experts are sounding the alarm.

Recent examples of cyber-attacks include an estimated $400 billion stolen in unemployment benefits across the country, a hacked pipeline shuttering gas stations across the Eastern Seaboard, and the Illinois Department of Employment Security catching two million cases of identity fraud against Illinoisans.

At a hearing for the House Committee on Cybersecurity, Data Analytics, and IT on Thursday, July 16, experts warned lawmakers that the attacks will only get worse.

“They’re not going to stop at unemployment insurance. They made a fortune. They’re going into your Medicaid system, which is much more lucrative. They’re going into your food stamp system, and they’re going to go into your Department of Revenue. And you clearly don’t have the tools to stop it at this point," Haywood Talcove said.

Talcove is CEO of the government division of LexisNexis Risk Solutions, a firm that provides data security and fraud prevention to private and public entities.

Talcove called on lawmakers to invest more in the state's cyber defenses.

At the same hearing, acting secretary of the Illinois Department of Innovation and Technology, Jennifer Ricker, confirmed cyber-attacks are getting worse, and foreign hackers know to target government agencies storing sensitive and personal information about state residents.

"The sophistication and scale of malicious cybersecurity attacks over the last year has significantly increased in frequency and severity," Ricker said. "What we're seeing now is really organized criminal and state actors that are successfully exploited vulnerabilities in networks worldwide."

Ricker says the state is increasing their pace of adoption for strengthening cybersecurity defenses across agencies. Those defenses include a universal identity and access management program, prioritizing the retirement of unsupported hardware and software, and decommissioning unused domains.

"We've prioritized strengthening our security strategies and deploying tools in order to defend, detect, and prevent attacks," Ricker said.

"Right now, they don't have to be that much smarter. They're quite successful as it is," David Nicol said.

Nicol is Director of the Information Trust Institute at the University of Illinois at Urbana-Champaign and a professor of computer science. He says cybersecurity is like "a game of cat and mouse," with constantly adjusting defenses and attacks between hackers and those they infiltrate.

Nicol says identity and credit card fraud are one of the biggest risks to Illinoisans whose personal data is stolen from state agencies or taken from private entities.

"These people are able to get in and interfere with the essential services of our government," Nicol said.

Nicol says ransomware attacks are one of the biggest concerns for large organizations today, where hackers infiltrate a network and cripple it entirely until the organization pays a "ransom fee."

He recommends a few easy defenses for both public and private sector employees: never click on outside links, especially those that seem suspicious and aren't from a recognizable internal email. He also recommends that every organization set up two-factor authentication.

"Having something beyond passwords is really important," said Nicol.

At Thursday’s hearing, Ricker said that federal agencies are in the best position to ward off cybersecurity attacks. State agencies are next, followed by local governments.

The City of Springfield provided us with a statement saying: “Cybersecurity is a priority for the City of Springfield. The city cybersecurity program continues to follow industry standard best practices in an ever-evolving landscape.”