Jun. 7—Recent high-profile cases of attacks on computer systems in the United States have local officials concerned about potential illegal incursions on business and government systems in the area.
Ransomware became a big topic when the system at Colonial Pipeline was victimized. The act shut down one of the nation's largest energy pipeline operators and led to gas shortages up and down the east coast. Last weekend the nation's largest beef supplier, JBS, was hit with ransomware.
Those are just some recent high-profile cases. Officials say those attacks have become increasingly frequent. The federal Homeland Security office estimates over 150 such cases have hit government agencies, medical facilities and businesses both large and small.
"This is a real concern and it is really frustrating," said Daviess County Prosecutor Dan Murrie. "When someone commits a crime against someone in your community, you want to pursue them and punish them. In these cases, we know the people involved are international. So even if we could find them it is very unlikely, they would be brought back to Washington, Indiana, to face justice."
There is an increasing effort to chase down the cyber criminals but Murrie says that is focused on major hacks.
"I can't say what our fellow law enforcement people at the FBI are doing about this," said Murrie. "It is not like everyone is throwing their hands in the air, but it takes a lot of loss to get them involved. A hack aimed at someone even as large as Graber Post would probably not get the fed's attention."
What that means is that local companies like Graber Post have to increase their own cyber defenses to try and avoid becoming the next victim. Graber Post may sit in Amish country but it is a business with more than $120 million in annual sales, 250 employees on site and numerous subcontractors throughout both Indiana and the U.S. It also has a business footprint that covers multiple states. That means a considerable computer presence.
"We are very much concerned about ransomware," said Graber Post IT Director Matt Meredith. "We are like everyone else with a computer network. We know it just takes one person to slip up. We have a company we work with that got hacked and it turned into a huge problem for them."
Meredith says one of the things that is emphasized to employees is to not just click on anything. He points out a lot of ransomware gets planted just be someone responding to a phishing email.
"We do training with our people on phishing," said Meredith. "We also have software that tries to eliminate the phishing email before it gets to them."
One thing officials say that has raised the vulnerability of businesses to the attacks is that during COVID many people were working from home. That meant home computers that might have been infected with a virus were now linking into larger systems and exposing them to the same cyber dangers.
"You can only control so much," said Meredith. "We can get a lot of what may be coming directly into our system. We have had a lot phishing attempts but so far they have been caught."
Because Daviess County has a lot of connection with the Department of Defense through Crane, area businesses have been able to link into some advanced computer safety and security training.
"Because of the WestGate connection with Crane and the defense department there seems to be a higher recognition about the need for cyber-security in our business community," said Bryant Niehoff, executive director for the Daviess County Economic Development Corporation. "We have worked with some of our neighboring counties and Radius Indiana to develop the 1150 Academy where area businesses can get advanced training for cyber security. We have had several businesses take advantage of that program. It rolled out during the COVID pandemic and kind of got lost, but it is a hidden gem in helping businesses deal with ransomware."
Something else the computer attacks on businesses has created is a new insurance market.
"Just a few years ago no one had heard of cyber-insurance," said Meredith. "Now most businesses have it. The good thing is that they come in and find any potential vulnerabilities and then you need to update it. I know one of the things we have done is begin building back-ups, to back-ups to back-ups, both on our local system and in the cloud and we have some of it in systems that are off-site."
With the inability of authorities to successfully track down and punish criminals who get into their computer systems the recommendation is to be aware and think before you click.
"Right now, our best defense is awareness, just knowing the danger is out there," said Murrie. "People are curious by nature. When they get an email, they want to click on it. They are curious. They want to be polite and respond. That is what these criminals rely upon. We don't want anyone here to be a victim and that means you need to think before you click on or download something. The good news is we have had no incidents of ransomware reported in Daviess County."
"I sure hope we can avoid it," added Meredith. "I can't imagine what it would be like to go back to trying to operate a business like we did before we had computers."