South Carolina Hasn't Had a Cyber-Security Officer for a Year

November 28, 2012

The state of South Carolina. has gone about a year without a cyber security officer.

DOR Director Jim Etter, who has resigned but will remain as director until the end of the year said the agency’s $100,000 salary can’t compete with a private sector salary, says an AP report.

According to Senate hearing testimony into the massive data breach at the Department of Revenue (DOR), Etter says when his agency looked at encrypting data in 2006 it was decided it would cost $5 million and be “cost ineffective.” He said the Dept. of State Information Technology is now monitoring SCDOR 24/7, which makes system more secure, the report says.

Senators also heard testimony from Marshall Heilman, director of Mandiant, the private cyber security firm hired by DOR after the breach.

Heilman gave a report on what caused the breach, saying that a lack of encrypted data and a lack of multi-factor credentials caused the breach, says the report.

A DOR employee opened an email that most likely allowed the hacker to get the employee’s credentials, giving him access to the system, Heilman said.

Last month, South Carolina Gov. Nikki Haley disclosed that a foreign hacker had breached the Department of Revenue, potentially taking 3.8 million Social Security numbers, 3.3 million bank account numbers and information belonging to nearly 700,000 businesses.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.