The Washington State Auditor’s cybersecurity leader has a ballpark figure about how often ransomware cases happen in Washington, but some of it goes unreported.
“I would imagine it’s probably more in the teens, not the hundreds in terms of Washington. But when it happens, it can be absolutely devastating,” said Scott Frank.
In addition to leading the performance audit division at the Washington State Auditor’s Office, he oversees the cybersecurity checkups they offer to government bodies. The SAO cybersecurity team also sets up penetration tests on high-value target networks and critical infrastructure.
“Things like our water systems, the agencies that deliver electricity, hospitals,” said Frank.
One of the nation’s largest water companies was recently hit with a cyberattack that knocked out the billing service for millions of customers spread across several states.
A malware detection in late 2024 led to the extended outage of a critical portal for Washington State Courts and related case disruptions.
“Cybersecurity probably is our biggest growing book of business,” said State Auditor Pat McCarthy to TVW’s The Impact.
“I mean, people are hungry for it. Governments are hungry for it,” added McCarthy. “They want to protect what they are overseeing.”
While AI may be useful for fending off threats, it’s also optimizing the attacks.
“When you get emails that are trying to trick you into doing something, those emails are just getting better and better in terms of being more realistic and artificial intelligence really aids in that. They used to be full of spelling errors and really awkwardly worded,” said Frank.
A nightmare scenario for SAO’s IT Director would be a successful attack shortly after an audit that missed a vulnerability.
“You know, we can’t find everything, but we think we’re pretty thorough,” said Frank.
The Washington State Auditor’s Office has also experienced the fallout from a cyberattack. In late 2020 a private file-transfer software provider used by the Auditor’s Office was breached. The Impact covered that issue as well. Watch the Q&A with Auditor McCarthy from 2021 here.