Brandon Hucks lets out a slow chuckle at the thought of business owners who think their company isn’t at risk of a cyberattack.
His advice to those businesses: “Don’t be naïve.”
As chief financial officer of Century Furniture, Hucks saw firsthand what a cyberattack can do. The company faced a ransomware attack in fall 2020 that shut down the company’s network and halted much of Century’s work for a week. Hucks expects the threat of cyberattacks to continue to grow.
“My gut says that, yes, this is going to come to be a threat that companies are always facing,” Hucks said. “We don’t feel like it is one and done. We could face the threat again.”
The frequency of malware, ransomware and other cyberattacks on businesses, governments and even individuals has increased in recent years. The recent Colonial Pipeline cyberattack brought to light the detrimental effects an attack can have. But it’s not just big companies like Colonial that could see an attack wreak havoc on their business, Chamber of Catawba County President and CEO Lindsay Keisler said.
People are also reading…
“If you have any customer data, any confidential data, internal databases where you rely on, customer relation management software — anything that could be critical to your business success — you should be aware,” she said. “I think from the smallest of businesses to our large industrial partners, this is something businesses should take seriously. Oftentime, we think this wouldn’t happen to us. It’s happening all the time.”
In some ways, Hucks felt that way about Century before the cyberattack. Though Century had safeguards in place and purchased cyber insurance coverage in recent years, Hucks didn’t think a cyberattack was a great threat to a furniture business.
The day it became a reality was one of the worst days Hucks has experienced. Century discovered the attack early on a Sunday morning when an employee could not access the company’s network. Century’s technology leaders realized it was a ransomware attack, and Hucks got the call at 7 a.m.
Their cyber insurance came in handy. The insurance company gathered cybersecurity experts and lawyers to address the problem, helped Century notify government entities as needed and helped create a plan for recovery.
Century was unable to pay the ransom to unlock their system because the U.S. restricts payments to the entity behind the attack, Hucks said. Instead, the company had to rebuild its system based on backup drives.
Cyber insurance and safe system backups are crucial for businesses looking to protect against cyberattacks, Hucks said. Those measures are a good step for companies to take to protect themselves.
“They may attack you and people much smaller than you — be protected, be diligent about it,” Hucks said.
Training employees to avoid suspicious emails and links, practice safe internet usage and use strong passwords, is another key part of security for companies. Since the attack, Century has upped employee training and tried to spread awareness of what to do with suspicious emails.
Employees who click on a malicious link are one of the leading causes of attacks, said Brad Gorka, CommScope vice president of information security. The company provides regular employee training and a plethora of cyberattack information, he said.
The company employs an information security team that reviews digital threats and security incidents to learn from them.
The recent pipeline attack brought cybersecurity to the forefront for the general public, but CommScope has been paying attention to digital attacks for years, Gorka said. “It is clear that the trends suggest ransomware will continue to be a major problem for the foreseeable future and we are doubling our efforts to protect our company from this and other threats and be as prepared as possible,” Gorka said.
As attacks become more common, Keisler hopes companies will take steps to protect themselves. The COVID-19 pandemic has increased the use of technology in business, and that opens new avenues for attack, she said.
“This is something businesses should take seriously,” Keisler said. “Oftentimes we think this wouldn’t happen to us, but it’s happening all the time.”
As more technology and internet-based services are used, security becomes more and more relevant, she said. It is constant work to keep up with new attack methods and implement new security, Hucks said.
“I view this cyber threat as a nuclear race — whatever we do, they’re going to try to build bigger things to beat it,” he said.
Emails are constantly going out with malicious software in links and attachments. Hucks doesn’t think any company is safe — including Century.
That’s why preparation is crucial, not only to prevent an attack but to prepare for the worst-case scenario, where systems have to be restarted using back-up information, Hucks said.
The chamber is working to provide information and possibly classes on cybersecurity, Keisler said. The chamber has put together information for business owners looking to protect their businesses and is encouraging people to use it.
“We’ve already heard of some minor issues and some major disruptive incidents that have occurred right in our community,” Keisler said. There is certain to be more, she said.
In this Series
- 5 updates