'It's not a matter of if anymore': Experts talk cybersecurity with Cobb Chamber
Aug. 10—CUMBERLAND — S.A. White Oil Company President Kim Gresh has dealt with gasoline supply issues throughout her career, ranging from hurricanes to pipeline fires. But nothing rocked her industry quite like the May cyberattack on Colonial Pipeline. Most of her suppliers wouldn't sell her anything, and those that did were selling half of what they normally would. Gas stations that normally sold 8,000 gallons a day were asking for 16,000 gallons because of panic buying.
"It was the fastest I have ever seen product stop flowing into the metro Atlanta area," Gresh told members of the Cobb Chamber of Commerce Monday. "It only takes one of your vendors to completely shut your business down."
The Colonial Pipeline ransomware attack loomed large over Monday's chamber luncheon, where a panel discussed cybercrimes and advised businesses on protecting themselves. The panel of Georgia Attorney General Chris Carr, Georgia Bureau of Investigation Director Vic Reynolds and former prosecutor John Ghose stressed the importance of getting ahead of cyberattacks before they happen.
According to Ghose, a former federal cybercrimes prosecutor now working in the private sector, fighting cybercrime is now one of the top priorities for federal law enforcement, surpassing organized crime, terrorism and other traditional threats.
Common cyberattack threats include business email compromise (BEC) schemes and ransomware attacks, Carr said. They target businesses large and small, as well as individuals, often tricking the elderly into paying money or giving up their financial information. For small businesses, churches and nonprofits, the crimes can be "existential," Carr said. Financial and energy firms in particular are targeted constantly.
"You got to be right every time, and the criminal has got to be right once," Carr said.
Apart from standard electronic security, simple things such as training employees to be cautious with strange emails are a must, the panelists said.
"My cybercrime agents tell me that ... around 92% of every cybercrime enters into your system in one way — through emails," Reynolds said. "The majority of time ransomware is introduced into your system, it's done in an attachment included with an email."
Ghose told the attendees that having an existing relationship with state and federal law enforcement can come in handy in the wake of an attack. One of Ghose's clients recently was targeted and did all the right things, reporting it to the banks involved and the FBI.
The client wasn't having any luck getting the money back, but Ghose said he used his connections in law enforcement to reach a government analyst who was able to find the money parked in a cryptocurrency exchange in San Francisco. That enabled the money to be frozen and eventually recovered.
"A lot of times, if you don't have a relationship with your local field office, your local GBI task force or (attorney general) office, you won't know who to call," Ghose said. "And you can't develop those relationships once you're in the midst of an attack, you have to know them in advance."
Carr and Reynolds advised chamber members to report the attacks, even if it can be painful for a company's brand and its relationships with clients and customers. Reynolds cited the FBI's 82% success rate in freezing money stolen through cybercrime in 2020.
Victims of cyberattacks should report them to the FBI's Internet Crime Complaint Center at ic3.gov, Reynolds said.
Many cyberattacks originate from foreign hackers. When the attackers are based in countries unfriendly to U.S. law enforcement, such as Russia, it can be a challenge to bring them to account. But Reynolds stressed that reporting helps law enforcement gather data and identify hackers. Those hackers sometimes travel to countries that cooperate with the U.S. and end up arrested there.
And, Reynolds added, many cases the GBI works have a Georgia connection. Identifying and arresting people in-state can help solve a case.
Companies ought to consider purchasing cybercrime insurance, which can include coverage for ransomware payments, panelists said. Ghose advised companies to include cybersecurity requirements in contracts with suppliers, to ensure they are protected at all levels. They also can hire law firms to advise on cyber threats and hire "penetration testers" who search for vulnerabilities that need shoring up.
More than anything, companies must have a plan for dealing with an attack, Ghose said, so they can navigate the "tree of decisions" — whether to pay ransom, how to fund said payment and the legality of mitigating actions.
"Think this through in advance, because there's a whole line of things that could happen," Ghose said. "And if you're running around trying to figure it out, at the time of the attack, you're not going to make good decisions. ... just prioritize it. And try your best to have a plan."
It's always better to spend a little money on the front end than be in big financial trouble as a result of an attack, Carr said.
"This isn't 2014 when Target had their hack occur and everybody says, 'Oh my goodness, how in the world could this ever happen?' Well, it's not a matter of if anymore, it's a matter of when," Carr said.