When a ransomware attack shut down the Colonial Pipeline, which provides 45% of the gas for the East Coast, Nancy Bagranoff wasn’t all that surprised by the fuel runs and shortages that followed.

The rise in such attacks is one reason the accounting professor created the course, “Cybersecurity for Business,” which is offered to any UR student through the Robins School of Business.

Years ago, Bagranoff, who has a background in accounting and information systems, worked briefly as a faculty in residence for a large public accounting firm and spent time in their computer risk management practice. “Breaking into computer systems was easy then and it’s easy now,” she said. “Realizing how important cybersecurity has come as both a threat to business and a career opportunity for students, it made sense to me to capitalize on my background and to teach students a topic that is relevant to their potential career paths and to their daily lives. Accountants are well-qualified to work in this area as they study risk and control in their auditing courses.”

She said the ransomware attack on the pipeline led to a gas buying frenzy that played out across many states in the Southeast, including Virginia. Such attacks are on the rise, and COVID contributed to the increase, she said.

“Remote work created more opportunities for cyber-criminals, aka bad actors,” she said. “One of the most common ways for hackers to infiltrate information systems is through phishing attempts where a targeted individual clicks on a link to malicious software. During COVID, some of these links purport to have pandemic-related helpful information, creating more opportunity for successful phishing attempts.” 

Ransomware holds a person or company’s data hostage. In a ransomware attack, Bagranoff said, a user may be met with a ransom demand. “They may not have access to their data, which is now encrypted or scrambled so as to be unreadable,” she said. Hackers may also make the data public or sell it to other criminals. 

“The Colonial Pipeline ransomware attack provides an example of how consumers can be impacted by ransomware,” Bagranoff said. “Attacks on our infrastructure, including our electrical grid and water supply are possible and there have already been instances of them.”

Many industries have been hit with such attacks, including hospitals, higher education, and municipal governments. “The effects on consumers can range from higher prices, product shortages, and supply chain interruptions, to even physical harm or death,” Bagranoff said.

She shared an example from a few months ago in which a hospital in Germany was forced to divert an ambulance from a hospital undergoing a ransomware attack.  Unfortunately, the patient died on the way to the alternate medical facility.

She encourages consumers to be aware and alert, and to take any cybersecurity training that business organizations offer. UR assigns security awareness training each year to faculty and staff. The first year a 30-minute course is offered and the following year there is a 15-minute refresher. The course is mandatory for staff and encouraged for faculty. An optional free course also is offered to students.

“We use many, many electronic devices today that are interconnected,” Bagranoff said. “This connectivity is one of the drivers of cyberattacks of all kinds.”