Over the last several years, cybersecurity has taken on increasing importance in all businesses, especially government. The number of cyber attacks that have impacted the operations, finances, and trust in local government has been especially high recently. This includes a highly damaging attack on a city here in North Texas in the last few months, and a debilitating attack on 23 agencies in Texas in August of last year.
Three years ago, Allen embarked on a program to educate our employees and improve the technology systems that detect, counter, and respond to cyber threats. Initially, phishing testing and cyber training were provided to all employees, and both continue on a regular basis today. The City's firewalls were tuned to tighten access to our network, password policies were improved to meet CJIS standards, intrusion detection and prevention systems were deployed to notify IT staff of compromise, and improved antivirus systems were deployed to servers. New backup systems provide regular, reliable backups and quick time to recovery.
Even with all of these measures, testing from the Department of Homeland Security in 2018 showed that a single click on a malware link by an employee, or a determined cyber-attacker, could give access to our systems. Allen, like all organizations, can never prevent 100% of cyber attacks. By layering our security tools and services we do, however, stand a much better chance of limiting damage and quickly recovering our systems.
One gap common to many organizations is the lack of 24/7 awareness and monitoring, and of the ability to respond quickly to threats at all times. While we take security very seriously, a mid-sized organization like Allen does not have the IT expertise and staffing to field a large team of security professionals to operate a security operations center. Threat actors know this, which is probably why the devastating security attack on another local city started at 2 AM in order to lock key systems while IT was unavailable.
IT is proposing today to employ the software and services of Dell Secureworks to provide 24/7 network monitoring to detect, respond to and remediate threats on the City of Allen network. A team of 300 security engineers operates multiple Security Operations Centers (SOCs) around the country, gathering information about hundreds of customer networks to create a large knowledge base of known and emerging threats. These SOCs will remotely monitor Allen's network using software installed on all PC and server endpoints to actively detect and disable compromised systems. The Secureworks team will work in partnership with Allen's IT staff, including us in the workflow of addressing these threats, but not requiring a 24/7 commitment from our staff. Instead, an escalation and notification procedure will be put in place to include key IT staff during off hours, weekends and holidays and coordinate remediation efforts.
For less than the cost of hiring a single full-time security engineer, Allen will gain the additional layer of protection and expertise of a market leader in the Managed Detection and Response (MDR) arena. Based on discussions with other local cities that use or plan to use this service, Allen IT expects little additional operational overhead to monitor and participate in this project. Instead, the added safety and early warnings received from the Secureworks team should help save time by avoiding wider system compromises.
Services like these from Secureworks are another piece of the security puzzle and should help improve Allen's cybersecurity posture.