Following escalating tensions between Russia and Ukraine, top U.S. officials including President Joe Biden called on companies to enhance security measures to avoid cyberattacks.
"I would respectfully suggest it's a patriotic obligation for you to invest as much as you can" in technology to counter cyberattacks, Biden told members of the Business Roundtable back in late March.
During the past few years, cyberattacks on major institutions from hospitals to corporations have cost millions of dollars.
A 2021 study from IBM found data breaches cost companies $3.86 million. For healthcare institutions, the impact can be even greater with a $6.4 million price tag that's been increasing over the years.
Installing barriers to prevent a costly hack, also comes with a cost and not just to big businesses.
Enhanced threats mean everyone from schools to local governments to individuals is at risk.
Since the pandemic sent many employees home, many institutions have had to increase spending to protect employees.
The Deloitte Health Equity Institute estimated companies spent around $350 more per employee on cybersecurity in 2020 than in 2019.
Dwayne Campbell, the chief information officer for Fayetteville, said the city has added around $150,000 a year for cyber security enhancements.
"The bad actors are changing and getting smarter and smarter. So our cybersecurity needs are ever-evolving," Campbell said.
Campbell explained the move to remote working during the pandemic spurred the need for more investment, but the situation in Ukraine has also impacted what measures the city has in place. He said to keep up, the city has had to partner with outside vendors.
"We are fighting threats every day," Campbell said. "Every municipality is fighting different types of cyber-attacks and that we have to be diligent and what we did yesterday is not good enough for today."
For many companies, these enhancements have included adding software that allows multi-factor authentication for users
Over the past few years, the attack on the Colonial Pipeline and the invasion of Ukraine has further spurred businesses to invest.
Last month, Biden's top cybersecurity aide said they didn't have any specific information regarding a Russian cyberattack but noted an increase in "preparatory activity," like scanning websites and hunting for vulnerabilities, that is common among nation-state hackers.
Wake County Technical Community College has recently hired a Chief Information Security Officer, and additional cyber security staff along with increased their cybersecurity insurance.
Cumberland County has also added a cyber-security-specific employee and reported an increase in security spending from last year.
The Cumberland County School District started scanning devices daily for infection and upgraded its internal network in the last year.
UNC-Chapel Hill specifically cited geopolitical events as a factor behind putting additional safeguards in place over the last month including, "strengthening phishing detection, expanding the use of a technology to identify novel malware, blocking a larger range of high-risk sign-ins, blocking a few hundred additional computer addresses and taking immediate actions when a high-security alert is detected."
Wake County increased its budget for Informational Services by around 8% since 2020. The county dedicated $21 million this past fiscal year to assist with proactive measures.
Durham County has increased its information and technology budget ($12.2 million) by 22% since 2020 and added four new positions. Cumberland County's $6.3 million budget is about 18% higher than in 2020.
He said simple and cost-effective things like increasing employee awareness training can have a payoff.
"One example of a proactive step we have taken, due to recent events, is ramping up our education and training programs to help users identify and avoid potential threats, which are becoming increasingly sophisticated. We believe the malicious activity will continue to increase and organizations like ours will need to invest even more in prevention and protection," UNC Health spokesperson Alan Wolf said in a statement.
Duke University, Durham Public Schools, Duke Hospitals declined to comment on their efforts citing safety concerns.
The rising cost to combat cyber threats leaves some municipalities' vulnerable as they struggle with the budget and resources.
"There is a huge disparity in the number of resources available to municipalities and counties, smaller, rural, or counties, municipalities," explained Mark Seelenbacher, Henderson County's IT director.
Seenlenbacher is part of the North Carolina Local Government Information Systems Association. The association started as a way to help municipalities with technology support during natural disasters but now assists more and more with training and response to cyber security across the state.
"Sometimes when you have limited funds, you got to pick and choose what you want to spend your money on. And so and we have, we try to provide a practical approach," X said. "Even if you have all the bells and whistles, everyone is vulnerable in this day and age; no network is secure. That's the scary part."
The group explained if municipalities are hacked, health records, court documents and taxpayer information could be compromised, but it could also mean halting major services towns run.
"It's not just about the data breach itself, it's about services coming to a halt and that's a big issue. You think about an economic development standpoint when permits can't be issued for new buildings and things like that. So it's a multifaceted problem for local governments to deal with," Seenlenbacher said.
Jon Sternstein is the founder of Stern Security, a cyber-security business in the Triangle. His company works to protect multiple organizations that range from health care to finance to utilities. He said lately more and more businesses are reaching out to add measures to prevent being hacked. He said the investments businesses are making now are worth it.
"I think the big thing is just making sure you're prioritizing that effort and ensuring that you have that in place. It's definitely going to be more expensive in the long run to have a breach. I mean, the average cost of a cyber-incident is over a million dollars. So having those things in place, is definitely more cost-effective in the long run," Sternstein said.
Sternstein recommends businesses increase security awareness training, implement two-factor authentication, and continually do security testing.
For individuals, he recommends keeping devices updated, backup files, having antivirus protection on devices, avoiding clicking random links, and limiting what personal information you share on social media publically.