To emphasize Murrin’s point, he included “awareness training for staff” on his list of to-dos at GSP.
“We must tell our employees not to pick up found USBs in the parking lot and stick them in the computer,” said Murrin, Chief Financial Officer at Greenville-Spartanburg International Airport at Greer. “Employees are 60 percent likely to stick a USB into the computer and if it has a brand or logo on it, it’s 90 percent more likely they will put it in.”
Murrin was presenting an IT security update to the GSP Board of Commissioners.
“We have come a long way in the past three years, with one IT person and a $20,000 budget,” Murrin said. “I was the IT person. Now we have two on staff and they have taken us light years ahead.” Murrin’s report illustrated the fragility of the regional airport.
The presentation was particularly timely with the South Carolina Department of Revenue getting hacked last Oct. 10 with a security breach compromising 3.6 million Social Security numbers. That attack also exposed 387,000 credit and debit card numbers.
Murrin said he communicated with the DOR inquiring about GSP’s status with the hacking incident. “I was satisfied with the DOR answers,” he said, without elaborating.
“We want to make it as hard as we can as fast as we can to prevent hacking into the GSP system,” Murrin said. “We’re probably getting attacked tens of thousands of times per month. The origins of these threats are worldwide.”
Murrin detailed the risks and threats and discussed how GSP is protecting itself. “Seventy percent of the companies that had security breaches, sixty percent were internal,” Murrin said, according to a Computer Security Institute study. “Some of the threats were malicious in intent and others were accidental.” GSP is focused on a converging project that is scheduled for completion in the first quarter.
Despite a variety of safeguards – Treasury Department controls, FDIC guarantees for unlimited non-interest accounts, investment collateralization and diversification and segregation of duties – Murrin said GSP is thinking of boosting its crime insurance from $2 million to $5 million.
Commissioner Leland Burch asked, “How long before we would know if we were hacked?”
“It depends on the magnitude of the hack and what was hacked,” Murrin said. “If it was money we would know it a lot quicker.” GSP has tiered security with its investments that command personal confirmation from within and outside sources.
Murrin topped his “Support Threats” with this caveat: “(The) complexity of our technical environment is exceeding or will exceed the complexity of our IT support team.”