Over the years, cyber criminals have attacked various large organizations in Charlotte, crippling IT systems, compromising data and frustrating users. The hacks force local tech leaders to work extra to prepare for the next disaster, like you’d do ahead of a big storm.
The big picture: Profit-driven cyberattacks are becoming increasingly routine, as Axios’ Ina Fried wrote. Recent high-profile cyberattacks, like that of Colonial Pipeline and JBS, have disrupted everyday industries such as gas and meat supplies.
- Big companies with multimillion-dollar ransoms dominate headlines, but it’s often small and mid-size businesses that are most vulnerable, experts say.
These attacks prompt the question: How ready are we in Charlotte for the next big cyber hack?
Flashback: In 2017, hackers attacked Mecklenburg County, freezing everything from the property records website to online applications for marriage licenses. County officials refused to pay the $23,000 ransom the hackers demanded, the Observer reported at the time.
- The hack occurred after a county employee inadvertently opened a phishing email.
What’s new: Since the attack, the county has doubled down on protecting its digital security, says Mecklenburg County IT security director Stephanie Smith. County IT staffers teach employees how to identify phishing emails, and instruct them to never disclose sensitive data or credentials.
“If you have a [farm] … and you put a 10-foot fence around it, the likelihood of a predator coming in to kill your livestock is pretty low,” Smith says. “The more you build up those boundaries the less likely you are to fall victim.”
At Central Piedmont Community College, multiple investigations are ongoing into the cyberattack that caused classes to shut down for about a week earlier this year, says Jeff Lowrance, CPCC’s VP of communications.
CPCC’s online class portal was the system hardest hit, Lowrance says. When the hack occurred, the college was in the midst of transferring courses onto a new learning management system (Brightspace) from its old one (Blackboard). Professors use the system to build curriculum; students use it to submit assignments.
- The college had to rebuild the classes on the old system in the new one, Lowrance says.
- One advantage the college had in its recovery was that several classes were already on Brightspace.
“When it occurred, our ITS team, working remotely, did a heroic job of shutting things down, as soon as they realized a threat actor was at work,” Lowrance says.
It’s not clear how the hack occurred. But since it happened, Lowrance says, the college has taken steps to harden its IT systems to make sure it doesn’t happen again.
Smaller companies with fewer than 300 employees don’t always have the resources and training to deal with cyberattacks, says Taylor Busby, VP of sales and marketing at SeedSpark, a Charlotte IT services firm that handles cybersecurity for more than 200 companies in the Charlotte area.
By the numbers: About 40% of all cyberattacks target small and medium-sized businesses, or those with fewer than 100 and 300 employees, respectively, Busby estimates. Of those, 60% end up going out of business within six months, he adds.
“Without a doubt there’s been a sharp increase in the frequency and types of attacks,” Busby says. Last week alone, SeedSpark helped stop 982 phishing attacks for its clients, he adds.
Between the lines: Cyber criminals are taking advantage of the fact that people are online more since the pandemic forced businesses to operate more digitally than before, Busby says.
- Furthermore, the rise of cryptocurrency makes it easy for hackers to collect ransom, Axios’ Fried reported.
- The U.S. Justice Department has said it plans to start addressing cyberattacks similar to how it approaches the fight against terrorism.
“We’re more prepared than we were in 2017. We definitely do not want another ransomware attack but we’re always on guard,” says Smith, the county’s IT security director. “It’s not one of those areas where you can be asleep at the wheel.”
Here are a few suggestions SeedSpark has for smaller businesses looking to protect themselves:
- Back up your data and maintain your backups offline.
- Create a business continuity plan and keep it updated.
- Learn how to identify phishing emails and teach employees how to recognize and report them.
- Make strong, unique passwords with random characters, numbers and symbols.