Cybercrime Doesn't Skip Small Towns

As sophisticated cybersecurity threats grow in frequency, institutions large and small are devoting more time and money than ever to protecting their own and their customers' information from online attacks.

(TNS) -- With its relatively low profile, Pennsylvania's Lehigh Valley might appear insulated from sensational cyberattacks like the one detailed in Yahoo's recent announcement that hackers stole personal information from 1 billion users, or allegations of Russian interference in this year's presidential election.

After all, we're not a worldwide technology hub like the Silicon Valley, or the country's seat of government like Washington, D.C.

That would be naive, said Mike Sitler, Lehigh County's director of information security.

"We really see the same thing as the rest of the world," Sitler said. "As these threats emerge in the rest of the world, we see them here."

As sophisticated cybersecurity threats grow in frequency, institutions large and small are devoting more time and money than ever to protecting their own and their customers' information from online attacks, say experts. The costs are spread throughout various budgets, and are hard to quantify, but Lehigh County has seen its own information security tab increase in recent years, said Bob Kennedy, the county's director of computing and network infrastructure.

Worldwide spending on information security products and services will top $81.6 billion in 2016, up 7.9 percent from 2015, according to information technology consulting firm Gartner Inc. It's a rate of increase that the firm expects will continue through at least 2020. And cybercrime's cost to businesses, according to Juniper Research, will hit $2.1 trillion by 2019, four times the cost of such attacks in 2015.

Those costs are incurred when hackers steal company secrets, disable computer networks, shut down e-commerce sites and steal customers' personal data.

The issue has caught the attention of local business leaders. The level of interest in improving cybersecurity in the local business community has increased tenfold compared to just a year ago, said Tony Iannelli, president and CEO of the Greater Lehigh Valley Chamber of Commerce.

"In the past, when I would talk to companies, it was something that didn't happen to your company but someone else. Now the discussion has switched to, 'It could be my company at risk,'" Iannelli said.

While big companies such as PPL and Air Products ramp up their own efforts, local information technology expert Scott Gingold's company has been doing an increasing amount of work for small- and mid-sized clients in information security as each new high-profile breach brings a new set of questions from customers.

"My day, seven days a week, starts at 4:30 in the morning, and the first thing I look at are the security threat assessment reports," said Gingold, who runs Bethlehem's Lehigh Valley Technology Company.

They're constantly changing, Gingold said. For Lehigh County's Sitler, ransomware is his current preoccupation.

That's malicious software, malware for short, that gets into a computer or network via a bogus email that seems to be from a legitimate company like Amazon. The email contains a link that, when clicked, locks up files and demands a payment to release them.

Internet security firm Kaspersky Lab reported that ransomware attacks on businesses multiplied threefold between January and September.

Hackers used ransomware to shut down the Madison County, Indiana, government in November, extracting a payment of $28,000 from the county and disrupting its computer network for weeks as the county rebuilt its locked-down system.

A May phishing attack tricked 108 Los Angeles County employees into clicking on a link and providing their user names and passwords, exposing the personal information of 756,000 people. Phishing is when someone masquerades as a legitimate entity in an email or text message in order to trick the recipient into voluntarily providing personal information.

"We have measures in place to stop that but there are always new methods," Sitler said. "These people are smart." Sitler said he spends a lot of time educating county workers on how they can help prevent attacks by not clicking on anything suspicious.

High-profile Lehigh Valley companies and their customers have been victimized by hackers in recent years. In 2014, Sands Casino Resort Bethlehem revealed that hackers who took over its websites also accessed the personal and financial data of tens of thousands of customers who gamble at the casino.

Commonwealth Federal Credit Union was forced to warn its customers about a text-message phishing scam in April, when someone used the credit union's brand to try to steal customers' and non-customers' personal information.

In January 2015, hackers hijacked Crayola's Facebook account, posting links to racy content.

And in June, a Palmer Township medical office, Integrated Health Solutions, informed its patients their personal information may have been exposed by a breach reported by its medical software provider, Bizmatics, Inc.

Those are just a few recent examples.

It's not a subject local companies like to talk about. PPL Corp. declined to discuss the measures it takes to protect its customers' financial information and the power grid itself against attacks.

The same was true of Embassy Bank, whose CEO David Lobach said protecting customers' personal and financial information is job one, but that the company's information technology leadership took a pass when asked to discuss the extent of the bank's efforts.

Lehigh Valley Health Network, which maintains countless gigabytes of patients' health care data, also demurred when asked to discuss its cybersecurity efforts.

Companies don't like to talk about their cyber defenses because they don't want to attract attention, Gingold said.

"The reasons that they are reluctant is because they think this will make them a target for attackers, in other words, a challenge for those who wish to put a trophy on their mantle," Gingold said. "The other reason is that if a business suffers an attack, from a career perspective, it could be a career-ender for the [chief information officer]."

It's not that these local companies aren't engaged. PPL referred The Morning Call to an article CEO William Spence wrote for the Edison Electric Institute's Electric Perspectives magazine on the importance of improving cooperation among utilities and others involved in protecting the U.S. power grid from cyberattacks.

In the article, Spence wrote that cyberattacks are one of the threats against the nation's electricity infrastructure that keeps him up at night.

"Since 2012, the rate of cybersecurity incidents has been steadily rising against critical infrastructure segments including energy, critical manufacturing, information technology and financial services," Spence wrote.

In an April interview published on PPL's website, Spence said PPL meets several times a year with the Department of Energy, Department of Homeland Security, Department of Defense, and the FBI Counterterrorism Division on cybersecurity efforts. PPL recently hired a new vice president-level corporate information security officer.

"Could we use more capital?" Spence said when asked whether the utility's cybersecurity efforts would benefit from additional funding. "Probably. I think we're doing well, though, already. And all the energy companies are continuing to invest more and more in cyber technology and capability. We also recognize that government agencies and state agencies are concerned about potential threats. And we understand why they would be concerned."

There's no sign the threat from cybercriminals will abate. In his predictions for 2017, cybercrime expert Steve Weisman wrote in USA Today that attacks of all kinds will increase and grow more sophisticated in 2017, including increasing network intrusions that target companies' intellectual property, medical and bank records and mobile devices.

That means little downtime for information security pros like Lehigh County's Sitler.

"My phone is always on me, and I am watching the stream of data 24-7," he said.

©2016 The Morning Call (Allentown, Pa.) Distributed by Tribune Content Agency, LLC.