S.C. can be ‘The Cyber-Security State’
Cybersecurity is an issue that should be at the forefront of everyone’s mind, and South Carolina has the opportunity to lead the nation on this critical issue. The reality is, if you’re reading this, there is almost a guarantee that some of your personal information was lost or stolen during a data breach. Emails, passwords, credit card numbers, social security numbers, and more are all constantly being traded on the dark web for cybercriminals to leverage in their next set of attacks. With employees commonly being a weak point in every organization, targeted attacks can utilize the vast array of personal information to drastically increase the success rate for cyber-attacks.
Our state has seen its fair share of high-profile cyber-attacks just inside the last year. Greenville, Spartanburg, and Horry counties have experienced ransomware infections that brought critical systems to a complete halt. The result? City and county officials voting to pay substantial ransoms in order to get city-data back and systems running again. Several attacks that happened this year alone, on small counties, have led to ransom payments of over $400,000. Cybercriminals are salivating over these results, and our leaders should be very concerned.
Taking steps to be proactive about Cyber Security and show it respect as a priority issue can drive South Carolina to the forefront of the United States. We have the potential to be leaders, blazing the trail for other states to see that this war on cybercrime can be won. It’s time for South Carolina’s cities and county governments to take action and begin to put a stop to cyber warfare.
We must begin taking a proactive look at security. Our weapon at the forefront of this battle is the antivirus software that’s installed on our devices and networks. Every government, business, and citizen should have some form of antivirus or security software in place. Even still, we’re seeing a drastic rise in successful attacks. This ultimately stems from the vast majority of antivirus software taking a legacy approach known as application blacklisting.
This approach, is essentially where the software company keeps a list of viruses and other forms of malicious software, ultimately making up what is known as the blacklist, and then uses that list to determine what can and can’t run on a user’s device. While this seems feasible at it’s surface, the problem is – the bad programs must run before they’re identified, and that leads to computers getting infected.
Instead, we should deploy a proactive security solution that can block true unknown malware in even its earliest form, by using an application whitelisting approach. This approach, rather than keeping a list of malicious software, keeps a list of known and trusted software, and only allows those pieces of software to run. Using an approach like application whitelisting will significantly drive down the number of successful attacks seen in our state.
Furthermore, every network has a security footprint – a way to encompass all systems, users, and procedures that are used internally. Inside this footprint, the user is often targeted as the weak link in the armor IT has deployed. To combat this, all employees should be constantly trained and tested on cybersecurity awareness. Training is a quick and easy way to drastically lower an organization's risk of falling victim to a cyber-attack.
Additionally, passwords are the key to every door we have inside an organization. Without good password hygiene, data breaches can expose user credentials and be leveraged to carry out high profile ransomware attacks. In recent studies, it was found that over 50% of users only change passwords when they are forced to. Keeping the same password through data breaches can allow cybercriminals to cross-reference stolen credentials to employees in your organization and target that vulnerability.
Everyone in South Carolina has a role to play in this cyberwar. Not only should individuals look to take these same steps in their own households, but together we can push our elected officials to make a change and help South Carolina win the cyberwar.
Rob Cheng is the chief executive officer and founder of PC Matic.