October is Cybersecurity Awareness Month and officials are bringing attention to the internet crimes that continue to occur across the U.S. continent and Hawaiʻi.
On Oct. 7, the nation's largest water utility American Water Works experienced unauthorized activity within its online services.
The utility operates in 14 states, including Hawaiʻi, and serves more than 14 million people. Specific to the islands, it provides service to Hawaiʻi Kai on Oʻahu, as well as Waimea and Mauna Lani on Hawaiʻi Island.
Additionally, Ticketmaster reported it was hacked last month when customers were reporting problems with concert tickets being taken from their accounts and resold.
Across the islands, Times Supermarket and Don Quijote stores have been unable to process debit cards or publish weekly ads due to what its parent company called “suspicious activity on certain systems” in their network. This followed the discovery of credit card skimmers at Times Supermarket self-checkout stands last year.
Vince Hoang, chief information security officer at the state’s Office of Enterprise Technology Services, spoke with HPR about the attacks on larger systems.
Hoang said the department has asked the governorʻs office to issue a proclamation declaring October Cybersecurity Month.
He also said that within the state government, there are several plans to raise awareness for cybersecurity.
"Right now, we're sending off weekly reminders on best practices. The way we provide that information is we roll out that information to our IT contacts across the various departments within our enterprise and ask that they then forward that off to their specific department staff," he explained.
"Another area that we're focusing on is coordinating some remote sessions to discuss various technologies and security," Hoang said.
In addition to this, he said the department is also conducting what they call a "tabletop exercise."
"With that, we bring in all the departments that we support, sit them in a virtual room and work through a sample incident situation. And so we'll go through and identify an incident that potentially happens, and we work through the process on how to validate, confirm it's truly an incident, and put in the appropriate measures on how to respond," he said.
Hoang said in Hawaiʻi, technology is generally older than in an "ideal world."
"There are systems that are current — we need to put in appropriate incremental work to keep them current, and then the older systems, we have to make a decision on whether it's appropriate to keep them running, and if so, we need to isolate them to protect them from potential attacks," he said.
He said there are actions residents can take to minimize the risk of being cyberattacked.
However, a lot of effort needs to go into protecting existing accounts as well, and that really boils down to having good, unique passwords whenever possible. That includes password managers and enabling two-step or multi-factor authentication to protect your personal accounts, Hoang said.
This interview aired on The Conversation on Oct. 9, 2024. The Conversation airs weekdays at 11 a.m. on HPR-1.
