The government of Puerto Rico is making a multimillion-dollar effort to improve its cybersecurity after suffering a string of embarrassing attacks, including a phishing attack in 2020 that siphoned $2.6 million from a public pension system.
See Also: OnDemand Crowdsourced Security and DevOps: A Few Things You Probably Didn’t Know
A $7.6 million agreement with the Multi-State Information Sharing and Analysis Center will improve continuous monitoring on government networks. The unincorporated U.S. territory in 2021 centralized cybersecurity operations across the government and established a security operations center.
Nannette Martínez Ortiz, the interim executive director of the Puerto Rico Innovation and Technology Service, told Information Security Media Group that continuous monitoring offered by the MS-ISAC should minimize “the impact of any Phishing/Ransomware-type cyberattack that we may experience in the Government of Puerto Rico.”
The past decade has been challenging for the island commonwealth of 3.2 million residents, which effectively entered bankruptcy in 2017 – a state it exited only months ago. Its many problems were compounded when, in February 2020, the island’s government-sponsored Industrial Development Company transferred more than $2.6 million earmarked for pension payments into a foreign bank account after receiving a phishing email.
The Industrial Development Company said in March 2020 it recovered the funds.
Local media also reported that the Puerto Rico Tourism Company fell victim to a phishing attack in December 2019, sending $1.5 million to a fraudulent account.
The Puerto Rican firefighting department in October 2020 acknowledged a ransomware attack demanding $600,000. Meanwhile, earlier this year, the Puerto Rican Senate suspended proceedings one day in January after the legislative branch underwent an attack that disabled its network access.