2024/27 Weekly Update from the MCE SIG “City ISAC I4C+” Highlights: Praise good cyber behaviour / Key KPI for Phishing Exercises is the # Reported! / Paper can side-step digital controls / Learn global and act local / Make it easy to report suspicious emails
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
| Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
This week's thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.
- Weekly [TLP:RED] for Publicly Elected Officials: Requesting feedback for a planned decision over the summer holidays is most effective – you will not get any.
- Weekly [TLP:RED] for Essential Services Managers: Paper inputs can circumvent many digital controls – ensure you digitize all paper input and get it into the digital controls world.
- Weekly [TLP:RED] for IT Leaders: Informing / praising users when they PASS a phishing test makes the right behaviour more sustainable.
| Summary |
Hi everyone, I hope you are doing well. Four cities joined from Bulgaria, Estonia, Germany, and Ireland on Friday morning for an interesting discussion around how important local language versus English is, and how we retain our local focus (while being interested in learning from others in other countries). Call the latter “navel gazing” in my opinion, however very understandable as we all struggle to even manage our daily local tasks – looking at how others do their work is the best way of sharpening the axe though and we really need to find better ways of doing things. On the other hand, I expect that no matter how effective / efficient we get, we will remain “Oberkante Unterlippe” as we say in German (“Under Water to the top of our bottom lip”). Hey ho… time to open a flower shop instead?
We discussed the results of a conversation with the CIO of a large Hanse City in Germany (https://en.wikipedia.org/wiki/Hanseatic_League#Lists_of_former_Hansa_cities) and also reflected on the purpose of the Hanseatic Leagues (trade and defence). I wonder whether organisations like the https://en.wikipedia.org/wiki/New_Hanseatic_League might be more open to sharing cyber related knowledge to improve their defences? (Interesting to see that Germany and Poland are actually not members though). Maybe a tabletop like the one we are preparing for ENISA would be an interesting start to this conversation?
As we then talked about phishing campaigns and the sort of statistics we see in our organisations, we also remembered that “paper” phishing (i.e., fake paper invoices) also causes a lot of damage – not really “cyber” of course and only successful because our internal processes do not have the corresponding checks and balances in place. Ok, if you get the fake invoice digitally then it does become “cyber” since we can begin automating the security checks etc, so I wonder how much damage paper phishing actually does every year? Also – local language phishing appears to be more effective than using English (tough luck if you have English as a local language then of course) – one reason is that the global providers of anti-phishing solutions focus on the English speakers and then the other large language populations first – small local language communities are commercially uninteresting considering the price of localisation. Key KPI should be something like “The number of suspicious emails reported / click rate on these” perhaps? Having a decent button for this in our email solution is a good idea.
And before I forget – we cannot evaluate the results of our betting round last week yet (https://isac4cities.eu/2024-26-weekly-update-from-the-mce-sig-city-isac-i4c-highlights-threat-estimates-only-30-correct-betting-odds-of-ransomware-event-next-week-at-32-threat-actors-know-how-we) – need to wait for the OSINT report next week, and since I have not received any EU MISP notifications of such a brief yet, it seems those betting against the incident might be successful 😊
I asked CoPilot to create a button for reporting suspicious emails. AI came up with the following…

Continuing to wish everyone a safe summer!
Cheers,
Oliver
Insights from Chatbots
I was curious about the opinion of Bing Chat about how we can automate the validation of invoices. The AI responded as per below:
“Automating invoice validation can streamline your accounts payable process, reduce errors, and save time. Here are the key steps and technologies involved:
1. **Invoice Capture**: Use Optical Character Recognition (OCR) to digitize paper invoices and extract key data from both paper and digital invoices¹.
2. **Data Extraction**: Implement Intelligent Document Processing (IDP) software that uses machine learning to identify and extract relevant data fields from invoices, such as invoice number, date, amount, and supplier details⁵.
3. **Validation Rules**: Set up validation rules to check the extracted data against your internal records. This includes:
– **2-Way or 3-Way Matching**: Compare invoice details with purchase orders and goods receipts to ensure accuracy².
– **Fraud Detection**: Screen for duplicate invoices and other anomalies that may indicate fraud².
– **Compliance Checks**: Ensure invoices meet legal and regulatory requirements².
4. **Workflow Automation**: Use Business Process Management (BPM) or Robotic Process Automation (RPA) to route invoices through the approval process. This can include automatic routing to the appropriate personnel for review and approval³.
5. **Exception Handling**: Implement systems to flag discrepancies or errors for manual review. This ensures that any issues are resolved before payment is processed².
6. **Integration with ERP Systems**: Integrate the automated validation process with your Enterprise Resource Planning (ERP) system to ensure seamless data flow and record-keeping³.
By automating these steps, you can significantly reduce the time and effort required for invoice validation, minimize errors, and improve overall efficiency.
Source: Conversation with Copilot, 23/08/2024
(1) What is Invoice Validation? (How to Automate The Process) – BILL. https://www.bill.com/learning/invoice-validation.
(2) Automated Invoice Validation: Benefits & Use Cases in 2024 – AIMultiple. https://research.aimultiple.com/automated-invoice-validation/ .
(3) Automated Invoice Validation: Benefits & Use Cases in 2024. https://expertbeacon.com/automated-invoice-validation/.
(4) Automated Invoice Processing: A Step-By-Step Guide. https://www.abbyy.com/blog/automated-invoice-processing/.
(5) Set up Accounts payable invoice matching validation. https://learn.microsoft.com/en-us/dynamics365/finance/accounts-payable/tasks/set-up-accounts-payable-invoice-matching-validation.
(6) How to Create Fully Automatic Invoice in Excel (with Easy Steps). https://www.exceldemy.com/fully-automatic-invoice-in-excel/ ”
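An added example, not part of the newsletter or of the Copilot answer: the validation-rules and exception-handling steps (3-way matching, duplicate screening, flagging for manual review) applied identically to digital and OCR-digitized paper invoices. All records, field names and the bank-account check are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Invoice:
    number: str
    supplier_id: str
    po_number: str
    amount: Decimal
    iban: str
    source: str  # "digital" or "paper-ocr"; the rules below ignore it on purpose

# Constructed master data (hypothetical, stands in for ERP records).
PURCHASE_ORDERS = {"PO-1001": {"supplier_id": "S-17", "amount": Decimal("4200.00")}}
GOODS_RECEIPTS = {"PO-1001"}                      # POs with a confirmed delivery
SUPPLIER_IBANS = {"S-17": "DE00EXAMPLE0000000001"}  # placeholder, not a real IBAN
TOLERANCE = Decimal("0.01")

def normalise(value: str) -> str:
    """Drop spacing/punctuation and case so OCR variants compare equal."""
    return "".join(ch for ch in value if ch.isalnum()).upper()

def validate(inv: Invoice, seen: set) -> list:
    """Return the reasons for manual review; an empty list means auto-approve."""
    issues = []
    po = PURCHASE_ORDERS.get(inv.po_number)
    if po is None:
        issues.append("no matching purchase order")
    else:
        # 3-way match: invoice vs purchase order vs goods receipt.
        if po["supplier_id"] != inv.supplier_id:
            issues.append("supplier differs from purchase order")
        if abs(po["amount"] - inv.amount) > TOLERANCE:
            issues.append("amount differs from purchase order")
        if inv.po_number not in GOODS_RECEIPTS:
            issues.append("no goods receipt")
    # Assumed anomaly check: payment details must match supplier master data.
    if SUPPLIER_IBANS.get(inv.supplier_id) != normalise(inv.iban):
        issues.append("bank account not in supplier master data")
    # Duplicate screening on the normalised (supplier, invoice number) pair.
    key = (inv.supplier_id, normalise(inv.number))
    if key in seen:
        issues.append("duplicate invoice number")
    seen.add(key)
    return issues
```

Passing the same `seen` set for every intake channel is what keeps a paper copy of an already-paid invoice from slipping past the duplicate check.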
| In the News |
- USA – National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident https://www.techrepublic.com/article/social-security-numbers-leak/.
| City ISAC Services (Member Funded) |
We have published our services at https://isac4cities.eu/services-offered. Please do review and consider reaching out to include such in your activities and budgets.
One service to highlight this week is gathering experiences of / organising conversations with users of specific solutions you are considering to short-list in a purchasing process. Getting the “real story” is critical and that only happens in personal conversations.
| Project “VAUBAN” – 2024 Multi-ISAC Tabletop |
You might remember that our City ISAC is a founding member of the EU Council of ISACs where we have many EU ISAC members from sectors like health, energy, finance, water, energy etc. As part of the work with the EU Council of ISACs we are also building out our relationship with ENISA. ENISA is planning a face-to-face Multi-ISAC event in October and we, the City ISAC, have an opportunity to run a 120 minute tabletop with many ISACs in the room plus a wide range of ENISA representatives in the morning of the second day. The tabletop will address all ISACs in the room and be based on a public administration being breached and asking for the support of the community to help tackle the challenge. The exercise will address all NIS2 domains and offer the ISACs a chance to jointly help.
No specific updates – the Red Team continues to develop a playbook, and this week began exploring how to create a “plan” for steering the reactive behaviour of a victim. We need to assume that the Red Team knows the process that will be enacted by the administration crisis team, which begins begging the question whether following “standard” process (i.e., disconnecting from the Internet, recovering backups etc.) is the *right* strategy for the Blue Team?
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/