(TNS) — Terri Bettinger paid close attention to the recent cyberattacks on the websites of Ohio government agencies, banks and other businesses. She hoped to learn lessons to better defend the information she oversees.
Bettinger is the chief information officer for Franklin County and head of its Data Center, which collects, stores and protects government data from property tax bills to court and medical records. She knows the system will be hacked.
“It’s when, not if. It’s going to happen,” Bettinger said.
She saw Licking and Henry counties become recent victims of ransomware attacks, in which hackers stole information or locked their systems and demanded to be paid. Neither county paid the high-tech extortion, but both had some services hampered because their computer systems had to be restored.
Bettinger is taking steps to try to ensure that doesn’t happen in Franklin County, noting it has been subject to “a handful” of hacker incidents. She knows that despite all of her precautions, despite the defenses her team has built, it almost surely will happen.
“Someone is going to click on a link they shouldn’t,” Bettinger said.
That’s a reason why Franklin County’s Data Center spends $3 million annually — 21 percent of its overall $14.4 million budget this year — on cybersecurity.
Experts stress that the best way to combat cyberattacks starts with individual users, so education and preparation are key.
The FBI reported in its 2016 Internet Crime Report that the leading cyber crime in the U.S. in terms of monetary loss involved compromised email accounts. It accounted for $361 million in losses.
If you don’t know the sender of an email, don’t click on its attachments.
“Most of the serious incidents,” Bettinger said, “are generated internally.”
To help employees understand that, Bettinger plans a “phishing” campaign at work. Hackers can “phish” for information by sending fake emails, some very convincing, attempting to lure users into opening attachments that gives hackers access to the computer system and its information.
“Security is not an IT function. It belongs to everybody,” Bettinger said.
A good way to protect information is keeping it offline.
That, Ed Leonard said, is how Ohio’s counties are so effective in ensuring elections aren’t hacked or victims of manipulation.
The election system in Ohio’s 88 counties isn’t connected to the Internet, said Leonard, director of Franklin County’s Board of Elections.
“We use a dedicated (computer) that is linked only to the Secretary of State’s office,” Leonard said.
The voting machines also aren’t online.
“There are no publicly accessible ports to load malware,” Leonard said.
Instead, the results are kept on paper, in the voting machines and on small, portable storage devices.
Jeff Young, director of Franklin County Emergency Management and Homeland Security, helps plan for dealing with disasters such as floods and hurricanes. Lately, though, that’s been expanded.
“Now,” Young said, “we’re applying it to the digital world.”
His office is a liaison between governments attacked online and statewide resources to help them, such as the Ohio Emergency Management Agency and the Ohio National Guard.
“They don’t pay attention to security unless it happens to them,” Maj. Gen. Mark Bartman, adjutant general of the Ohio National Guard, said of cyber victims.
In terms of cybersecurity, Bartman’s office is doing for Ohio what the U.S. Department of Defense does for the federal government.
This month, Ohio is opening the first phase of its “cyber range,” less of a geographical location and more of a concept. It’s where cybersecurity is taught using exercises and competitions.
“We want Ohio to have a location for any of our citizens to have a place to go” to hone cybersecurity skills, Bartman said. It “will allow any entity to train, get certification to have access to operate on networks.”
That includes students, from kindergarten through college. Developing cybersecurity skills can’t begin soon enough, Bartman said. That’s vital for the future because so much now is connected online.
“We’re trying to figure out how as we convert every school in Ohio,” Bartman said.
It’s that type of public collaboration, Bettinger and Bartman agree, that will lead to the best cyberdefenses.
In a recent attack that earned national headlines, Bettinger, by 7:30 that morning, had been contacted by 20 cyber professionals and compatriots warning of the attacks and discussing how to counter and destroy them.
“That is a powerful tool,” Bettinger said. “Sometimes, our challenge is not to sound like Chicken Little.”