13 April 2019

Winning the cyber war: Data breaches may be one of the biggest threats of the 21st century

By Rebecca J. Barnabi

Dan O’Brien, keynote speaker and a cybersecurity instructor at Blue Ridge Community College, shares “Protecting small and medium businesses from cyber attacks” with the audience at Stonewall Jackson Hotel in Staunton during E-N Computers’ and Shenandoah Valley Office Equipment’s “Cybersecurity for CFOs” event on Thursday, April 4, 2019.

“Protecting small and medium businesses from cyber attacks” was the topic shared by Dan O’Brien, keynote speaker and a cybersecurity instructor at Blue Ridge Community College, during E-N Computers’ and Shenandoah Valley Office Equipment’s “Cybersecurity for CFOs” event on Thursday, April 4, 2019.

At E-N Computers’ and Shenandoah Valley Office Equipment’s “Cybersecurity for CFOs” event at the Stonewall Jackson Hotel on Thursday, April 4, 2019, community members and business owners heard Dan O’Brien, keynote speaker and a cybersecurity instructor at Blue Ridge Community College, share “Protecting small and medium businesses from cyber attacks.”


STAUNTON — Forget about global warming, terrorists, another economic recession, hurricanes and taxes.

The greatest threat in the 21st century for individuals and businesses will come by way of the world wide web.

Twenty-eight community members attended “Cybersecurity for CFOs” Thursday afternoon, which E-N Computers partnered with Shenandoah Valley Office Equipment to provide at the Stonewall Jackson Hotel.

“The bad news is that 93 percent of all data breaches involve some form of phishing,” said Thomas Kinsinger, solutions architect for E-N Computers in Waynesboro, as he spoke on “Sophisticated Phishing.”

“The good news is, on average, in your organization, in your businesses, 78 percent of your employees won’t click on that phishing email,” he added.

However, that means 22 percent of employees might click on a phishing email.

Just ask the City of Atlanta, which was cyber attacked in late March 2018. The city lost $17 million, and parts of the city were shut down for two weeks. City employees had to communicate and complete paperwork via pen and paper.

“One of your biggest risks as organizations is your IT department,” Kinsinger said.

Ian MacRae is owner and president of E-N Computers. The company was founded in 1997, and has 2,200 users.

In his presentation, “Top 20 Controls for Managing Digital Risk,” MacRae said every business needs to manage risk.

He showed a photograph of a taxi van driving down the highway with its trunk door open.

“As business owners, we’ve got to start being able to identify these types of instances when it comes to [cybersecurity],” said MacRae.

A “warming” cyber war is happening right now, according to MacRae. Hackers are finding vulnerability within companies.

“This is something we’ve all got to take seriously,” MacRae said.

MacRae said Hutchins & Hutchins is a client of E-N Computers. The Augusta County Sheriff’s Office responded to a theft of $41,000 from the cleaning and supply company in Waynesboro after its computer system was breached.

“They were a company that wasn’t checking the back gate. They were driving around with the back gate open,” MacRae said.

The cost of cleaning up a cyber breach is expensive: the recovery of 5,000 financial records can cost nearly $1.1 million in cleanup.

MacRae said that 53 percent of breaches are caused by employees.

Companies should strive for cyber dents, like the dent in a car, not breaches, which are similar to a car crash.

MacRae compared the evolution of instructional technology to improvements made in automobile safety since the invention of the autobmobile. Vehicles today are made more than ever to ensure the safety of occupants during a car crash.

“I’m very optimistic about the future, and the way we’re going to mature in IT,” MacRae said.

Dan O’Brien, a cybersecurity instructor at Blue Ridge Community College and Thursday’s keynote speaker, spoke on “Protecting small and medium businesses from cyber attacks.”

O’Brien said that every employee is on the Internet and that poses a threat to small- and medium-sized businesses. Seventy-five percent of small to medium-sized businesses do not have cyber insurance. Some companies are unsure of the location of their backup systems.

“Small to medium-sized businesses are getting targeted more and more,” said O’Brien.

He said that more than 50 percent of cyber attacks choose a small- to medium-sized business as a target. The reason is because they are easy targets, and hackers do not mind spending time in a small or medium-sized business’s system for months if not a year or more waiting.

“They are trying to get to the bigger fish,” O’Brien said. Some hackers are waiting for when a company merges with another. “This is no joke. It’s not a lie. Sixty percent of businesses that get hacked go out of business.”

The business may not have anything to steal, but once their name is out as a business that was hacked, they can go out of business because their customers lose trust in the business’s ability to protect their information.

In recent years, Target, Marriott, Chili’s and Under Armour have all been hacked for their customer credit card information.

“These particular companies have one thing in common. Their third-party vendors had been hacked and that’s the route the hackers took to get into the large corporations,” O’Brien said.

O’Brien said that on Wednesday, after he prepared his presentation for Thursday’s event, the second worst data breach happened when the personal records of 500 million Marriott customers were hacked. Facebook had 550 million records breached also.

“All of this happened because someone hacks into a small- or medium-sized business, waits around for awhile and then tries to get to the bigger business,” O’Brien said. “Well, you don’t want to be that business that loses your vendors.”

He said Ransomware is when a hacker encrypts a company’s information, then the information is not accessible. But will the company pay the ransom to get that information back? O’Brien said companies have to ask themselves if they trust their backups.

O’Brien said a lot of cyber attacks are inside attacks, such as when an administrator accidentally shares her password.

Phishing is also an inside attack that happens when an employer clicks on an item in an email or online. Other cyber attacks are denial of service, malware and password attacks.

“Five minutes is all it takes,” O’Brien said.

A new attack on the horizon, O’Brien said, is called Crimeware. Criminals are able to download a tool to their smartphones and create mass spam messages such as phishing emails.

A popular Crimeware was CrimePack, and the perpetrator was arrested, as well as the perpetrator of SpyEye.

“But, you can see the trend here. This is just in the last few years, it’s getting much easier for people to just go: ‘Instead of trying to steal $1 million from a big company, I’ll just steal $20,000 from 50 small companies,’” O’Brien said.

Near the conclusion of his presentation, O’Brien said that he hoped he was not scaring audience members too much, but that they need to be aware of the cyber risks and how to protect their businesses.

They can obtain a risk assessment through a program O’Brien has begun at BRCC called Cyber Security Assessments, and they can be proactive by creating a business-impact analysis and ask themselves what would they do if their business were closed for three days or even one week because of a cyber attack.

Businesses must control access to information and equipment, including controlling the access an employee has when he leaves the company.

Strong passwords are also important to protect information. O’Brien suggested using a catch phrase or lyrics from a song with random numbers that you will remember.

“So our goal is to educate C-level employees about the dangers of cybersecurity,” said Amelia Herring, marketing specialist for E-N Computers.

Herring, who lives in Waynesboro, said that oftentimes individuals do not realize the danger of cyber threat until a breach.

E-N Computers seeks to educate clients and potential clients of possible threats and their consequences.

The Waynesboro-based company serves IT departments in Virginia, Maryland and Washington D.C. with getting effectively organized.

“We take a lot of stress off day-to-day issues,” Herring said of the company providing support for IT departments.

No comments: