by ROB CHENG || Cyber threats are growing, the costs associated with them continue to soar to record-highs, and cybercriminals have clearly set their eyes on South Carolina. In fact, in just the last four weeks alone, these criminals have successfully infiltrated Jasper County’s local government operations and attacked Calhoun County School District.
The reality is, our cyber enemies are getting good. Scarily good. And what’s even scarier – their recent successful attempts have left them hungrier for more.
First striking United States soil in September 2013, ransomware attacks infected home computers and encrypted personal photos and videos. The encryption was unbreakable, and the payment in crypto currency was untraceable. Ransoms were hundreds of dollars, and when paid, prospects of full recovery were excellent.
As cybercriminals have advanced their practices, in January 2016, ransomware targeted the school system in Horry County, South Carolina. County officials approved funds to pay the record ransom of $8,500 to successfully restore several servers and multiple end points throughout its network. This infection represented a shift in ransomware attacks away from consumers and placed the target on the enterprise and public sectors.
Now, in 2019, our airports and hospitals, cities and counties, businesses, and homes are not safe from the ransomware offensive. Many South Carolinians find themselves asking how long will it be before the next attack in South Carolinian occurs?
As cyber threats grow and security measures continue to be lackluster, it is not a matter of if, but when. The enemy is going to attack our local government, and it is unclear how ready they are.
Fortunately, there are steps local governments across South Carolina can take to minimize the risk of becoming a victim of cyber-crime.
First, users must analyze their current antivirus program. Often times, security solution providers use a reactive approach to security. Meaning, the software will only block known bad files, permitting all other unknown files to install. Then, if one of the unknown files happens to be bad, they will work to remove it – if possible. Based on industry research, this approach is no longer feasible. This is why the US-CERT, FBI, and NSA have all encouraged the use of application whitelisting. By using a whitelist, the device will only be allowed to run known, trusted programs. This means, even if the enemy found a way to worm their way into the server or computer, they couldn’t install anything malicious, because only good programs and files can run.
(Click to view)
(Via: Getty Images)
Second, users need to ensure their operating system and all of their third-party applications are up to date. If they are outdated, security holes are being left unpatched. Therefore, users are leaving the backdoor wide open for cyber criminals.
Third is education. Knowing what today’s cyber threats are, and the red flags to spot them will help decrease the likelihood of unintentionally downloading a malicious attachment or clicking on a malicious link.
The fourth suggestion is practicing proper password hygiene. This includes using complex passwords, including capital and lower-case letters, numbers and special characters. These passwords should also not be written down. Alternatively, users can utilize a password vault to manage and protect all of their passwords for each account. Passwords should also not be used across multiple accounts, personal or professional. Additionally, users need to update their passwords every six weeks.
The fifth and final thing is, backing up files. Storing data on an external hard drive or cloud-based network will help with the restoration process if a cyber-attack were to corrupt systems. If the backup of choice is an external hard drive, it is important to unplug the hard drive from the device once the backup process is completed. If users fail to do so, there is a risk of the backup files too becoming infected if a cyber-attack were to execute.
The reality is, cyber threats are evolving daily, and unfortunately there is no silver bullet.
However, if local leaders are implementing these five suggestions, the risk of falling victim is minimal at best.
Everyone has a part in helping South Carolina lead our nation in the cyberwar. Rather than waiting for the next cyber-attack to happen, we must take action, and reach out to our local government offices and educational institutions urging them to begin using these five cyber security tips identified above. After all, they possess your personal information too, and you have the right to know it is being kept secure.
ABOUT THE AUTHOR …
Rob Cheng is the CEO and Founder of PC Matic – the world’s only 100 percent American-made antivirus software. A resident of Myrtle Beach, South Carolina, Rob is an industry leading cybersecurity expert and contributes regularly in national publications on a variety of cybersecurity topics.
WANNA SOUND OFF?
Got something you’d like to say in response to one of our stories? Please feel free to submit your own letter to the editor (or guest column) via-email HERE. Got a tip for us? CLICK HERE. Got a technical question or a glitch to report? CLICK HERE. Want to support what we’re doing? SUBSCRIBE HERE.