Surge in cybercrime during the pandemic requires response from state, suburban lawmaker says
Small businesses in Illinois have had to move their operations increasingly online and remote in the past year, driven to do so by the COVID-19 pandemic. Where the movement to online work has brought an increase in Zoom meetings, email communication and millions of people working from home, a darker trend has also taken hold: a dramatic increase in cybercrime.
State Rep. Keith Wheeler of Oswego believes the need for the Illinois government to take action is more urgent than ever, given what he says is an "eight- to 10-fold" increase in cybercrime since the pandemic started. Individual small businesses in Illinois have experienced losses from cybercrime that can reach hundreds of thousands of dollars.
Wheeler, the lead Republican on the House committee on cybersecurity, data analytics and IT, filed the Cyber Security Compliance Act, a bill that would ask businesses and state institutions in Illinois to create a cybersecurity program to safeguard personal information. Businesses that did so could then mount an affirmative defense to protect them against liability in any lawsuits resulting from acts of cybercrime.
"Sometimes (a small business) can do everything perfectly, but if there is a flaw in Microsoft or Apple or Google's software that they didn't even know about, then you're still on the hook for the breach," Wheeler said. "This (bill) would give those companies a defense in those situations."
For the past 30 years Wheeler has led a suburban tech company, Responsive Network LLC, that works with small businesses to protect against cybercrime. Wheeler said that since the pandemic struck, cyber criminals have taken advantage of businesses' increased use of technology.
Wheeler cited a cyber attack that shows the stealth and efficiency hackers operate with today.
The business Wheeler worked with had been contacted by its payroll processing company, which had prepared a payment to a vendor on the company's behalf. That prepared payment had a typing error, which led to the payroll company calling the business to confirm a correction of the error.
In correcting the error, the business uncovered that a hacker from Lagos, Nigeria, had been inside an administrator's email account for months, copying signatures, stealing passwords and hacking the accounts necessary to authorize a "substantial" money transfer. The hacker had completed the process and would have made away with the money had the typing error not occurred.
"What that told us was not only were the passwords all the same, which was a problem that happens to way too many businesses," Wheeler said.
"At the same time, they didn't have systems in place where they needed a verbal or written authorization, now it can be all electronic, to move that kind of money."
Illinois' ethics officers from all four caucuses cleared Wheeler's sponsorship of the bill after determining it would not be in conflict with his private business interests. Wheeler said his business is operating at capacity and that while such a bill could benefit his business over time, it would not give him any advantage over other businesses operating within the cybersecurity market.
The cyber criminals of 2021 are far more sophisticated and far more ruthless than in the past, Wheeler says. Hackers today are backed by organized crime syndicates and even foreign nations.
While software companies and businesses continue to make strides in cybersecurity, despite 56% of businesses having "inadequate" cybersecurity according to Wheeler, the sophistication of the criminals means they are always making advances, as well.
"We're forever in this kind of catch up, fall behind, catch up, fall behind, part of this process that is a forever game," Wheeler said. "Cybersecurity is just going to become more and more important, especially as more and more of our lives, personal and professional, are online."
The problem of cybercrime is particularly bad in Illinois. A study by London-based cybersecurity firm Clario found Illinois was the hardest-hit state in the United States by cybercrime.
In Illinois, cybercrime losses totaled $107,152,415, according to the study, and affected 14.6 of every 1,000 people.
"It has grown into something that is a real industry now and it's international," Wheeler said. "It has all the intrigue of nation states as well as organized crime. And that doesn't mean the smart kid down the street can't participate in it as well. The cyber criminal element is much more sophisticated, and it's more dangerous than ever."