CYBERSECURITY: THE NEW BABY.

• Position: ROUND TABLE: DIGITAL PRIVACY & SECURITY

Today's global economy relies on data shared and stored through cyberspace. North Carolina businesses--large and small--have long known the importance of maintaining the physical property they own and protecting against intruders, potential theft and other acts that could cause issues within the company. Emerging from the age of COVID19, employees working from home pose even more challenges. Add to that, the effects of recent cyber-attacks on businesses and organizations across the country make cybersecurity an even more important topic for all N.C. businesses.

PANELISTS

The discussion was moderated by NCTech Association's Brooks Raiford. It was edited for brevity and clarity.

Chuck Kesler chief information security officer, Pendo

Brooks Raiford (moderator) president and CEO, North Carolina Technology Association

Susan Randall information technology instructor and department chair of Computer Information Technology and Broadcasting, Cleveland Community College

Laura Rodgers director of cybersecurity practice, Secure Computing Institute, NC State University

Jon Sternstein founder and CEO, Stern Security

MORE COMPANIES AND GOVERNMENT AGENCIES ARE VICTIMIZED BY RANSOMWARE. WHAT ARE THE RAMIFICATIONS FOR N.C. BUSINESSES AND ORGANIZATIONS?

RODGERS: One thing that we need to start with is the state has issued an edict that no state agency may pay a ransom at all. (North Carolina is the first state to do this.) All of these schools and agencies are really going to have to get with it when it comes to incident response, and, most importantly, the backups in making sure they can restore their systems so they aren't down for very long. I think that really is the key. They say that there are two groups of people, those who have been hacked and those that don't know they have been hacked. You have to assume that you have been and you have to act accordingly, and that means good preparation and making sure you have a good incident plan in place. The last thing you need is for everyone to act in an uncoordinated way. When you have press come along they typically interview the person who doesn't know anything and the person typically says something they shouldn't. Everyone in your organization needs to understand how to respond and who is supposed to talk and who isn't.

Typically with ransomware you are going to have to get the FBI involved. And at that point you are going to need an attorney. So you are going to spend a lot of money. I just read an article about a school in Connecticut that was the victim of ransomware. The outcome was it cost them about $500,000, and about $350,000 of that was unnecessary. Had they done everything upfront that they ended up having to do in a very short period of time, it would have cost them about $ 150,000 over the course of the year to get where they needed to be. So that tells you something. You need to be prepared. It's coming. Just get ready for it.

RANDALL: I know of one incident in the last year or year and a half with one of our other community colleges. It was hit with ransomware. It took their entire system down. It didn't just cost them their emails, it cost them their curriculum. Because when it shut their system down it took down their learning management systems, it took down access to all their courses. You didn't know where your students stood in regards to...