Human vulnerability identified as weak link in cyberattacks.
Don’t be so quick to click that link. That urgent email is one of the biggest cybersecurity threats out there, and hackers are getting smarter at figuring out just how to get you to share your personal information, allowing them access to everything about your business.
This topic took center stage Tuesday as NJBIZ hosted a panel discussion on cybersecurity at the DoubleTree by Hilton Somerset Hotel. A panel of experts, with the goal of safeguarding information, said that criminals are waging cyberattacks on businesses, stealing money, accessing private information, and eroding trust between consumers and companies. They offered advice and ways to spot and prevent attacks, and urged more than 90 attendees to think critically and recognize an attack when one appears.
Michael Geraghty, chief information security officer of the state of New Jersey and the director of the New Jersey Cybersecurity and Communications Integration Cell, moderated the panel. Geraghty is responsible for developing and executing cybersecurity strategies; he knows firsthand that many companies have suffered breaches that compromise their customers’ information.
Panelist Timothy Guim, president and chief executive officer of PCH Technologies, grew his business from a one-person organization to a global cybersecurity and information firm. He said people open a normal-looking email that was sent from a criminal because the email in question looks to have been sent from a legitimate source. The recipient clicks on a link within the email that causes a breach of his or her personal information or company information.
Dominic Genzano, the CEO and founder of Secure Technology Integration Group (STI Group), who leads cybersecurity strategy services in which he designs and implements cybersecurity initiatives, said: “Hackers are becoming smarter and they are not trying to break into technology.”
“They are exploiting normal channels of communication,” he added. “They are going along with the normal channels of communication. They are exploiting the human factor.”
On the subject of ransomware, Genzano said hackers are installing ransomware and planting encryption software, and there need to be layers of security around each business’s set of applications.
Guim advised having a backup solution and not paying money to the perpetrators who installed the ransomware.
Carl Mazzanti, president of eMazzanti Technologies, provides information technology consulting services for businesses. He worked in the Twin Towers on Sept. 11, 2001, yet said some of the things that keep him up most at night are emails, and their aftermath: Emails targeted at high-level executives, sent by a criminal.
After a breach, an executive knows he or she opened the email that caused it, but doesn’t report the problem. “They know their computer is slow but they do not get reprimanded,” Mazzanti said.
Mazzanti advised against using simple passwords and said people should protect the passwords of their social media accounts and bank accounts.
John Wolak, a chairman of the privacy and data security team at law firm Gibbons PC, recommended employees take time and not open an email if they think it was sent from a suspicious person. He recommended people report a problem as soon as one is recognized. Wolak stressed that breach notification is a real issue and said it was part and parcel of your incident response.
“The faster you get into that compromise, the faster it will be solved,” Wolak said. “You do not have to take ownership of it. You simply have to report it.”
Wolak also spoke about insurance against cyber attacks to provide coverage for the risks related to cybercriminals. “Historically, people looked for coverage under other policies,” Wolak said. “That coverage may still exist under those other policies … Know your business. In order to mitigate risk, you need to know your data, who has access to it, and where it is stored. You can get coverage tailored to your needs so you are not overpaying for it.”
As a former New Jersey State Police employee, Geraghty invites citizens to see a threat and report it. And it is something he advises in his role with the NJCCIC. “You get hit with malware. Report it to the NJCCIC. … We want to share the bad actors with everyone so they can take preventative measures.”
Businesses lost $1.2 billion last year because of cybercriminals who sent fraudulent emails, he said. But people should use critical thinking skills as a first step to recognize cybercriminals. “Not everything needs a technical solution,” he said.
Further coverage of the cyber-security panel discussion will be available in the March 2, 2020 publication of NJBIZ.