Insider Threat Case Study Introduction
Shawnee County faced an unknown insider threat to its network. The solution was to call SecuLore, who was ready to help with swift and effective action to mitigate the insider threat, before it escalated into costly territory.
Shawnee County Emergency Communications Center (SCECC) sits under the Shawnee County Sheriff’s Office. It receives and processes over 320,000 9-1-1 calls annually from within Shawnee County, which is the third-largest county in the state of Kansas.
The center also handles additional non-emergency and administrative calls from the public and the agencies it serves. The SCECC is also the dispatch center for six law enforcement agencies and eight fire agencies in Shawnee County.
Shawnee County’s Insider Threat Situation
The Shawnee Sheriff’s Office network sits inside the Shawnee County network.
While there are security protocols in place for the county network at large, it was unclear what security measures were applied to the county’s Sheriff’s Office.
Jeremy Rabb is Shawnee County’s Director of Emergency Communications and a member of the Kansas 911 Council – Operations Committee. Rabb knows that it is imperative to monitor and protect the Sheriff’s Office P25 radio communications system from potential cyber threats.
While they were considering a cybersecurity solution to fit their organizational needs, alleged suspicious insider threat activity was brought to the attention of the IT Director.
According to CISA, “insider threats present a complex and dynamic risk” to mission-critical organizations.
Unlike external threats, an insider threat already has the permissions to move around a network. That allows for potential access to sensitive data and makes it harder to detect because the activity looks legitimate.
Insider Threat Investigation
Upon inspection of the firewalls, the Shawnee County IT Director was able to pinpoint a specific IP.
At this point, they knew they had to do something fast.
SecuLore had successfully conducted a statewide assessment of all the PSAPs in Kansas back in 2022. It was recommended the county bring in SecuLore to monitor the Sheriff’s Office network.
With one phone call, SecuLore immediately shipped a monitoring device overnight for installation to start capturing network traffic data. It was discovered that the alleged suspicious computer was churning enumerations at an alarming rate.
The activity extended beyond the scope of the alleged individual’s responsibility and authority, pinging and gathering IP information.
SecuLore’s Response to Insider Threats
Once the data was captured and it was verified that no other computers were involved, the compromised computer was turned off and removed from the network, eradicating the activity.
Staff vigilance and the swift, decisive action of leadership stopped what could have escalated into a costly remediation situation. This would have been a major issue for Shawnee County and the county’s Sheriff’s Office, as well as the State of Kansas.
According to a Verizon Data Breach report, more than 1 billion records have been exposed by incidents involving insider threats. The annual cost of an insider threat across organizations is over $16 million, with an average remediation cost of $176k+.
Why Shawnee County Selected SecuLore
Jeremy Rabb was first introduced to SecuLore at an APCO International Conference where he attended a speaker session given by SecuLore’s CTO, Sean Scott.
Insights and guidance provided by Sean, and SecuLore’s SOC team’s demonstrated level of expertise, trusted partner approach and personal attention to detail during the Kansas statewide assessment left an impression.
For Shawnee County, during a time of crisis, SecuLore was a clear-cut choice. Shawnee and other counties across the nation are utilizing CyberSight™, SecuLore’s proprietary cybersecurity monitoring and threat detection solution, to help proactively protect themselves from these types of attacks.
“SecuLore’s service is personal and in-depth. You can reach out to them at any time of the day, and they know who you are. It’s a great feeling!”
– Jeremy Rabb, Director of Emergency Communications
Conclusion
Shawnee County’s incident highlights the critical importance of proactive cybersecurity measures in mission-critical operations such as emergency communications.
The swift response of Shawnee County’s leadership, combined with SecuLore’s expertise, prevented potentially significant damage and data exposure from an insider threat that could have jeopardized the integrity of their Sheriff’s Department network and networks beyond.
Shawnee County avoided a costly remediation scenario and protected both local and statewide assets by quickly identifying unauthorized network activity and isolating the compromised computer.
This incident underscores the unique risks posed by insider threats, which exploit legitimate access to sensitive systems. Insider threats make detection and response particularly challenging.
The incident also demonstrates the value of trusted partnerships with cybersecurity providers. SecuLore’s proven experience and rapid deployment capabilities played a decisive role in resolving the crisis at hand.
CyberSight™ is a managed cybersecurity solution that combines SecuLore’s US-based SOC team and proprietary tools to safeguard networks, thus solidifying confidence and providing peace of mind during critical situations.
Shawnee County’s vigilance and decisive action serve as a model for other organizations. They emphasize that investing in cybersecurity solutions, services and training is essential to safeguarding mission-critical network systems and data against evolving cyber threats.