NC is rich in targets for cyber attack. Avoid being the next victim.
Up to one in three North Carolinians was the victim of a cyber attack in the past 18 months.
There are about 10 million people in the state, and recent data shows more than 3 million cyber attack victims over that time period.
"The Tar Heel state is home to Fortune 500 companies, numerous small businesses, Research Triangle Park, and world-renowned universities and colleges, making the state a target-rich environment for cyber criminals and nation-state actors," FBI spokeswoman Shelley Lynch said.
Any employee or client of any of those companies could be a target.
The City of Rocky Mount was hacked two years ago. Computer systems were shut down and people could not pay bills online. Last year in Chatham County, a hacker locked down the county's computer systems in a ransomware attack designed to extort money.
"The general public work in companies and they work in government and they are susceptible to attacks that happen as result of poor cyber hygiene," said FBI Special Agent in Charge Robert R. Wells. He cited "not having good passwords and/or clicking on certain links that are actually a phishing expedition" as security flaws that can compromise anyone.
Since the beginning of 2021, North Carolina-based companies or agencies have been targeted 119 times by cyber criminals, data from the state Attorney General's Office shows. Health care agencies were the most frequently targeted. Duke University Health System, Blue Cross Blue Shield of NC and the state Division of Employment Security were each targeted twice in that time frame.
"Financial services, critical infrastructure, health care, those are usually targets attackers go after," Wells said.
Almost 3,000 attacks have impacted data of North Carolina citizens or businesses in that time, costing victims $91,416,226.
{
"name": "footable",
"attrs": {
"id": "20365810",
"identifier": "attacks",
"credits": "North Carolina Attorney General's Office",
"header": "Cyber attacks reported in NC",
"description": "The North Carolina Attorney General's Office was alerted to almost 3,000 cyberattacks that involved either a North Carolina-based business or victims in the state between Jan 1, 2021, and July 6, 2022.",
"filter": "true",
"on": "No. of NC residents affected",
"all": "Date Submitted|Address|Circumstances of security breach|Information taken|Breach format|NC residents notified on|NC residents notified by|No. of individuals affected",
"limit": "50",
"placeholder": "Search by business name or HQ city"
},
"children": null
}Cyber attacks that compromise a computer network can have real-world consequences.
Wells offered the example of the Colonial pipeline attack.
"Everyone is familiar with when they couldn’t fill their cars up with gas," he said. "Imagine if a hospital is taken offline for 24 hours. Our gas and electric – shut that down you can have an impact on people's health and well being."
In an interconnected world where much of the communication and commerce takes place online. the responsibility to maintain cyber security belongs to everyone.
"Understand the resources you have and the assets you have to protect," Wells said.
"Very much like taking care of your health, it is not just a doctor problem. The individual needs to take responsibility."
Here are some ways to protect your data and your network from ransomware attacks:
- Keep your anti-virus and other malware software updated.
- Back up your data regularly.
- Make sure you only conduct business on secure networks and through legitimate URLs.
- Conduct a risk analysis of your network and security systems and conduct your own hacking attempts to find any security gaps. When you find vulnerabilities in your security system, patch them.
- Allow only approved, verified programs and software to run on your computer and networks.
- Ensure that anyone who has access to your network has been trained on best practices in cybersecurity and knows what to do if a hacking or ransomware incident occurs.
- Do not click on attachments in phishing emails.
If you think you have been the victim of a ransomware attack, you should report it to the FBI or the U.S. Secret Service immediately.
The FBI shared these steps for business owners to take:
- Update and patch operating systems and software.
- Implement robust access controls, especially for privileged users.
- Monitor security logs.
- Audit trusted third parties or others with access to systems and sensitive data.
- Require personnel to choose a strong, unique password for each account and use multifactor authentication for as many services as possible. Passwords should be changed regularly.
- Educate personnel about phishing schemes to highlight the risks of clicking on suspicious links, opening suspicious attachments, and visiting suspicious websites.
- Keep backups of data offline, and regularly test backup and restoration capabilities. Ensure all backup data is encrypted and immutable.
- Develop a cybersecurity incident response plan that includes the FBI. If compromised, contact the FBI immediately.
- Be aware of signs of compromises such as broken passwords, unexpected pop-ups, slow-running devices, altered system settings, or unexplained online activity.
