The Missouri Department of Conservation (MDC) is currently investigating a suspected cyberattack after being notified of suspicious activity on one of its data servers by its cybersecurity vendor. As a key agency responsible for managing Missouri’s wildlife and natural resources, MDC took immediate action by activating its Incident Response Team to analyze the system and mitigate any potential issues. The team is working alongside a third-party cybersecurity firm to conduct an in-depth investigation into the activity and assess whether any data has been compromised. The department remains focused on determining the full scope of the breach and ensuring the safety of its data and infrastructure.
In the event that personal or sensitive data is found to have been compromised, MDC has committed to promptly communicating with the impacted stakeholders.
As part of its ongoing efforts, the department is continuing to monitor all its systems closely to detect any additional malicious activity. The collaboration with external cybersecurity experts has allowed MDC to explore the scope of the attack and remediate any issues swiftly, demonstrating its commitment to maintaining the integrity of its operations and the security of its assets moving forward.
The investigation into the suspected cyberattack comes in the wake of a 2022 audit conducted by former Missouri State Auditor Nicole Galloway, which flagged several significant cybersecurity deficiencies within the department. The audit found that MDC lacked a comprehensive department-wide security plan and had not conducted thorough risk assessments. In addition, there were concerns over improper account management, such as failing to remove linked accounts of terminated employees and not enforcing mandatory password updates for staff.
The audit also revealed lapses in the documentation and response to security incidents, which left the department vulnerable to attacks like the one now under investigation.
Following the audit, MDC has implemented several of the recommendations outlined in the report to address these vulnerabilities and improve its cybersecurity posture. The department is also in the process of finalizing a draft security plan as part of its broader cybersecurity policy to ensure better protection against future threats. These steps are crucial to addressing past shortcomings and enhancing MDC’s ability to respond more effectively to potential cyber risks in the future, ensuring that it is better equipped to safeguard its data, systems, and operations moving forward.
Reference:
