Recently, Macon-Bibb County, GA experienced a cyberattack which ultimately left county officials unable to access their email and landline phones and affected the county’s public services. It appears officials took the network offline after the cyberattack in order to contain the damage. What kind of attack the county experienced has not, as of now, been revealed.
However, what we at BIT services find notable is the context of the attack. Macon is the fourth-largest city in GA, behind Atlanta, Augusta, and Columbus. Bibb County is the 16th-largest county, behind counties in the various Atlanta, Augusta, Columbus, and Savannah metro areas. There seems to be a popular opinion that cyberattacks focus on “big fish” only. In Georgia, it is true that cyberattacks have caused significant damage in some of the most populous counties, including Fulton County (Atlanta) in 2021 and Richmond-Augusta in 2023. Both of these governments experienced significant attacks which compromised data, affected public services, and impacted public trust. It remains to be seen what damage has been done in the smaller, but still significant, area of combined city-county Macon-Bibb.
But it should also be noted that threat actors have not simply targeted “big fish.” These attacks join others in GA and SC in the past several years that include larger counties (for example, Spartanburg County, SC in 2023), as well as mid-size counties like Coffee County, GA (2024) and Georgetown County, SC (2021). The Coffee County attack is an interesting comparison to the Bibb County attack. It occurred only a few weeks before the Bibb County breach, and Coffee County officials were made aware of it by federal officials who noticed suspicious activity. As a result, Coffee County systems were cut off from various state IT systems, including its voter registration systems. Additionally, public services appear to have been disrupted for a short period. Coffee County is about one quarter the size of Bibb County and is not part of a major metro area. So, every county regardless of size is at risk of these threats; it doesn’t matter if you are in Fulton (a large county) or Bibb or Coffee (mid- and smaller-size counties).
Expanding beyond county governments, if you have paid attention to cyberattack news in the CSRA over the years, you know that security breaches have affected local colleges, regional banks with multiple branches in the CSRA, and local hospitals. Of course, security breaches at large national and multi-national companies like Microsoft, Colonial Pipeline, Dropbox, and others regularly make the news. Security breaches at SMBs in the CSRA, however, do not make the news. Yet, SMBs are as much under threat of attack as are large government entities and multinational corporations. The 2024 Verizon Data Breach Investigations Report found that 62% of financially motivated incidents involved ransomware or extortion, and these incidents had a median loss of $46,000. That dollar amount, which may seem so low, should give pause to SMB owners. Threat actors are not necessarily after the big payday; it is well worth their efforts to take smaller bites at whatever apples they target.
Cyber security breaches of local governments, for example, make the news because there is a clear disruption of public services which all citizens notice. A county can’t hide that its website is down and that its trash or public safety services were affected. The same goes for large regional or national businesses – the sheer scope of these breaches makes them difficult to hide, as embarrassing as they are. It is important to emphasize that these embarrassing situations happen to SMBs in the CSRA, but they simply do not make the news, even though significant disruptions to services may occur.
Again, stories like the Bibb and Coffee County security breaches help illustrate the expanded cyber threat environment in which we now live. An SMB is no safer than a multinational corporation because of its smaller size, any more than Bibb or Coffee Counties are safer than Fulton from cyberattack. Cases like these should cause SMB owners to assess their own risk. The takeaway is two-fold: first, cyber threats happen regularly and consistently. Second, they are not only happening to “big fish” somewhere out there. Threat actors target SMBs as well as multinational organizations, and it has simply become a necessary part of an SMB’s risk assessment to practice effective cyber hygiene.