
Los Angeles County bot aims to catch phishing before it starts

Imagine a 40-hour workweek that consists of little more than checking for suspicious emails. Day in and day out—thousands of backlogged emails to analyze, multiple software filters to apply, one after another—day in and day out.

Perhaps even more terrifying, the systems you help protect hold sensitive social services data for the nation’s most populous county. Any missed phishing attempts on your part could be devastating to the agency and the people it serves.

While this scenario may seem like some imagined version of purgatory for IT professionals, for Daniel Garcia, a senior information systems analyst with the Los Angeles County Department of Public Social Services (DPSS), it was an everyday occurrence.


The system, known as the Countywide Reporting of Information Security Incident (CRISI) ticketing system, involves employees identifying and flagging potentially malicious emails using a button in their Microsoft Outlook inboxes. That action creates a ticket for further investigation, which until recently meant Garcia had another problem to solve.

When he took over about three years ago, there was a backlog of nearly 3,000 unscanned emails that agency employees had flagged as suspicious. Worse, he had to run each one through multiple software platforms—a process that took an average of two to 10 minutes per email. No shortcuts, no exceptions.

“I managed to solve them within a year and a half, but during that time I noticed some patterns and identified different emails coming in, so I started writing a white paper to develop a system…” he told Industry Insider – California.

Fortunately for DPSS and Garcia, the idea of a streamlined system was in the cards. Xerox and the county’s Internal Services Department (ISD) worked with the department to customize a robotic process automation (RPA) solution that could take over the repetitive and time-consuming work.

The RPA pilot lasted more than a year before it became a permanent part of the department’s cybersecurity, processing about 200 calls a day three times a day, said Robert Rogers, DPSS’s chief information security officer.

“We’ve had such success that other county departments are considering building RPA into their (own processes),” Rogers said, adding that even ISD is looking to implement an RPA tool within its department.

The new tool has dramatically improved the email security process, Garcia and Rogers said, with only about 20 emails requiring human intervention. Garcia explained that the system automatically identifies flagged emails, categorizing them into several groups for return or forwarding to the ISD security team. These groups include phishing, spam, bulk email, marketing, social media, miscellaneous and legitimate.

In addition to the obvious time and cost savings associated with this type of automation, Garcia noted that the new process means employees are less likely to skip steps when a suspicious email comes in. Previously, delays meant employees wondered whether a reported email was safe, opening the door to potentially dangerous assumptions and clicks on links.

“If a user reports it and there’s no response, they’ll say, ‘Well, that wasn’t so bad, was it?’ so they’ll click on it and then it’ll open up malware or something,” he said. “The longer we wait, the more vulnerable we are.”

Their efforts earned the department recognition in the form of National Association of Counties (NACO) 2024 Achievement Awards, and Rogers said their successes serve as a model for other county departments.

This story first appeared in Industry Insider – California, part of e.Republic, Government Technology’s parent company.