ATLANTA — As the City of Atlanta works to free their systems from a cyberattack holding them ransom, 11Alive's investigators discovered this attack is just one of thousands of attempts a year on Georgia government computer systems.
However, as we've seen in the Atlanta case, details of those threats are often kept secret from the public.
The Georgia Technology Authority manages the IT networks for nearly 80 percent of the state's government agencies. The Department of Community Health and Georgia Bureau of Investigation are two of them. Each day, the GTA combats multiple attacks a day on thousands of state computers.
Last year, the authority confirmed state computers were hit with about 124 cases of malware – a day. That totaled about 45,000 attempted attacks for all of 2017.
At least 20 of those attempts were successful and considered severity 1 or 2 level. Some of those included hackers locking state employees out of their accounts and stealing their IDs and passwords.
- Cyberattack hits Atlanta computers
- Expert: Full recovery from cyber attack for Atlanta could take months
- Public deserves to know more about how Atlanta is battling cyberattack
- Atlanta works to move forward following cyberattack
Malware is a type of software intended to damage or disable computers, which includes attacks like ransomware. But, when 11Alive asked the GTA what kind of malware-infected state computers, its director of cybersecurity, Walter Tong, said he couldn't disclose it, even though other states, like Texas, have disclosed the information in the past.
11Alive Investigator Andy Pierrotti asked Tong if Texas is willing to provide that information, why can't Georgia?
"We are a little bit more cautious in our approach," Tong defended, adding that disclosing the information may embolden actors. "If we can play the odds that one-in-100 attacks will get through, I’ll play those odds. We want to avoid doing that – odds games with actors."
If a state computer is hacked, compromising personal information to the public, state law requires the agency to notify you. It’s such a worry, Georgia pays for cybersecurity insurance to pay for recovering or replacing computer systems.
But Tong says Georgia and the rest of the nation face a shortage of cybersecurity experts to combat the onslaught of hackers. By 2021, the U.S. is expected to need half-a-million more cybersecurity security experts but likely won’t have enough people to fill the positions. To address the shortage of cybersecurity experts, the state invested $100 million last year into a cyber center, scheduled to open in July 2018, to help train future IT professionals.
“Is that a national security issue," Pierrotti questioned.
“I would say so," Tong agreed. "I would tell you that other cyber actors, nation-state actors, many more resources that’s being applied than what they’re doing.”
Tong said when it comes down to it, an agency's employees, the computer users themselves, are the last line of defense, but can also be the weakest link.
"You can have the most latest, wiz-bang, anti-virus network defense, but it comes down to the user," Tong said. "When they click on something that they shouldn’t, it can spread throughout the network.”