One hundred million dollars.
That number is music to the ears of any business no matter its size, whether it describes sales, profit or year over year growth.
But a recent report released by the FBI shows that number has a very negative connotation for many South Carolina businesses. It represents how much money cyber-criminals stole from both individuals and businesses of all sizes here in 2022.
The 2022 Internet Crime Report was released in March by the FBI’s Internet Crime Complaint Center, also known as IC3.
The report placed South Carolina 25th in the nation for the amount of money lost to internet fraud during the year, with $100,256,530 lost to a variety of online crimes ranging from ransomware attacks to email phishing scams. This was a dramatic increase from the state’s 2021 losses of $42 million.
South Carolinians placed 7,861 reports of internet fraud to the complaint center, also a significant increase from 5,426 victims in 2021.
The report showed the top three fraud schemes affecting South Carolina also had a business angle, with the state’s largest losses coming through business email compromises ($46.8 million), investment fraud ($13.5 million) and real estate fraud. ($12.4 million).
“In the past year, we had a myriad of cyberattacks against businesses in South Carolina, with many of them being new victims,” said Cindy Starns, a supervisory special agent for the FBI in Columbia who runs the “Cyber Squad” dealing with internet crimes. “With the amount of money lost more than doubling from the previous year, I don’t see how the state can continue to afford this.”
The pandemic also forced more businesses to deal with the security challenges of more employees working from home, Starns said, leaving many more vulnerable to attack because it’s impossible to send a company’s IT workers out to every remote home office to make sure routers and other equipment are secure.
The size of the businesses being targeted doesn’t matter. Starns said the agency sees victims from mom-and-pops with only one or two employees to large, multinational companies with hundreds of employees.
The difference is the effect that a massive cyberattack can have on the business. Large companies with lots of resources on hand might be able to survive a ransomware attack, for instance, because they can pay the ransom to get their systems working again. A mom-and-pop, however, might be forced to shut its doors if it can’t afford to pay the ransom.
State organizations focused on business and cybersecurity are trying to combat the frightening rise in cyber-crime with a variety of methods. CyberSecure SC, a cybersecurity initiative of the South Carolina Council on Competitiveness, works to get information about cybersecurity out to businesses all year long through a variety of methods and events, the largest being their annual SC Decoded Conference, which draws leaders from most of the state’s major industries to hear top speakers on the latest trends in online security.
“While cybersecurity starts at the individual worker’s desktop, an effective company policy really has to come from the C-suite,” said Kim Christ, director of Cybersecure SC. “No matter the size of the company, it has to be a total organizational decision that is supported and endorsed from the top down.”
New businesses and small businesses that might struggle with the revenue for effective cybersecurity can take advantage of some grants available through the South Carolina Department of Commerce and other organizations to help with development of cybersecurity programs.
The South Carolina Small Business Development Center (SBDC) offers several programs for small businesses, including an online video series about cybersecurity, personalized training classes and a cybersecurity awareness assessment, where a worker from the SBDC will visit a business to check out what they have in place and make recommendations on what they need to change.
“We find that a lot of small businesses have a tendency to think they are not a target because they are too small or not important enough to be on the radar of any hacker,” said Earl Gregorich, a Greenville area manager for the SBDC focused on cyber issues. “We need them to know that they are indeed a target, and what we can do for them is help them to become cyber aware and practice what you could call good cyber hygiene. You don’t have to be a geek or spend a ton of money to do to do that. In most cases, a business can do that by changing processes and changing their culture.”