Whether it is attacks on critical infrastructure like the Colonial Pipeline along the East Coast, or governments like the City of Tulsa and Seminole Nation, the state's top cyber security expert says the volume of hacks will likely only increase.
“I think the law of averages is going to tell you that we are going to see more and more of these things,” Oklahoma Chief Information Security Officer Matt Singleton said.
And for the state of Oklahoma, the number of attacks has been off the charts.
“In the first 60 days of 2021, we had 3.8 trillion security events where there were some probes against the state network that needed to be defeated,” Singleton said. That breaks down to 700 attacks per second.
In Tulsa, the hack took out everything from the police department to parks and utilities. Services are still being handled offline, and for now the hackers say they don't want money, only to talk.
“We don't pay ransomware, that only furthers their efforts,” Michael Dellinger with the City of Tulsa said.
“It's like any other business model,” Singelton said. “Bad actors, especially ransomware, there is a quick pay day at the end of that if they can get people to pay that ransom and unfortunately a lot of organizations, they are paying the ransom.”
Singleton said the State Cyber Command has been providing guidance to the city of Tulsa, where there is not yet a timeline for restoring the computer services.
The Seminole Nation's casinos also remain closed without a timeline for reopening.
"The appropriate authorities have been notified and we are working with experts to determine any risks to data security,” the tribe said Tuesday.
Singleton said as the barrage of cyberattacks increases, we can all do our part by using two factor authentication and carefully reviewing emails from unknown senders.
“Unfortunately, we have to be right all of the time and the bad actors only have to be right once,” he said.
There is no reason to believe the pipeline, Tulsa and Seminole Nation attacks are connected, according to Singleton. He said it will likely be months before federal authorities know for sure.