The Brunswick News: Panel: Cyber threats up in 2017

By Tyler H. Jones, as published in The Brunswick News

Bob Cunningham of HunterMaclean, John Riley of the Federal Law Enforcement Training Center, Patrick Webb of HunterMaclean, Diana McKenzie of HunterMaclean, Fran Cioffi of Georgia-Pacific, and Tyler O’Connor of CRC Insurance Services

In today’s interconnected, digital world, not even the most sophisticated government computers are safe from intrusion.

Last week, The Wall Street Journal reported Russian hackers were able to steal details about how the U.S. defends against cyberattacks after a National Security Agency contractor took classified documents home and put them on his personal computer.

It was the Russian-made antivirus software installed on his home PC that helped the hackers find the materials, the Journal reported. Kaspersky Lab, which makes the antivirus software, denies the allegation, but the federal government went ahead last month and banned the software’s use on all U.S. agency computers.

Governments aren’t the only ones being hacked, though. Everyday small businesses and consumers are also at risk for cyberattacks. In 2017, one out of ever 131 emails contained some form of malicious software, according to Symantec, the world’s largest cyber security company.

There are, however, things companies and individuals can do to protect themselves from hackers, experts said Thursday at a cyber security panel hosted by the Coastal Georgia law firm HunterMaclean.

“If you think because you’re a small business, you’re immune to a cyberattack, you’re wrong,” said Diana McKenzie, information technology chief for HunterMaclean, and the panel’s moderator. “The cost of an attack, on average, is about $225 per compromised record.”

Industries like banks and health care providers are common targets for hackers, and large companies can see as many as 130 cyberattacks per year, McKenzie said during the panel, which was held at College of Coastal Georgia.

At one of those large companies, Atlanta-based Georgia-Pacific, employees are regularly trained in cybersecurity and how to recognize vulnerabilities, said panelist Fran Cioffi, G-P’s chief information security officer.

“We try to educate our employees, and teach them what’s the consequences of clicking on a link,” Cioffi said. “Georgia-Pacific sends out test phishing emails, and if they click on it, a 90-second video pops up.”

He also advises email users to hover the mouse over a link before clicking on it.

“Just because it says UPS.com doesn’t mean that’s actually where the link is going,” he said. “If you hover over it, you can see where it’s going, and if it’s something.ru, you know that’s a Russian website, and you might not want to click that.”

More and more, hackers are using computer-hijacking software called “ransomware” to extort victims. Ransomware installs itself on a computer after a person opens a malicious link or email attachment. The ransomware then encrypts all the computer’s files, effectively holding them hostage until the victim pays the hackers.

And often, it works — at least for the hackers. Symantec reports 64 percent of Americans are willing to pay a ransom, compared to 34 percent of people globally. The use of ransomware spiked this year, up 266 percent with hackers demanding, on average, $1,077, the company said.

“The only want to get your data back is to pay the ransom,” Cioffi said. “Or, you better have a good back up.”

Companies and individuals can buy insurance to protect against the costs of cyberattacks, but the best medicine is prevention, said Tyler O’Connor, a panelist and broker for the wholesale insurance firm CRC Insurance.

“In 2017, you’re not going to get a cookie for doing basic security,” he said. “You should have back ups (of your data), you should have a plan and you should train your staff.”

Ten percent of cyber breaches happen because of employee mistakes, he said.

“Cyber security is not a just an IT (information technology) issue, it needs to be an organization risk-management issue,” he said.

Hacking and cyber intrusion is more than a hassle, said panelist John Riley, the chief of the Federal Law Enforcement Centers cyber division.

“We are trying to educate law enforcement to not call it ‘cyber crime,’ but simply call it crime. That’s what it is,” he said. “Crime is crime.”

Riley’s division is responsible for training federal authorities on the risks posed by hackers and lax computer security protocols.

“We focus on the entities that are available to train (employees),” he said. “You have to make sure cyber security experts are meeting your needs.”

Staying protected, though, can be as simple as routine maintenance of computer systems, Riley said.

“One of the most important things is to just update your software,” he said.