Layers of Protection
By Mark Morris
As the world increases its dependence on the internet for all kinds of transactions, keeping everything secure becomes a constant challenge.
Cybersecurity experts compare their work to an ‘arms race’ in which every new, secure tool they put in place motivates cybercriminals to find a new way to defeat it.
“When you think about it, we need to be right all the time; they only need to be right once,” said Charlie Christianson, president of CMD Technology Group, which installs computer networks for all kinds of companies and keeps them safe.
Paul Whalley, president of Growth for Your Company (G4YC), said cybersecurity is like physical security in that, the more difficult it is for criminals to defeat, the better the odds of not being a victim.
“For example, if criminals want to rob a house, they are more likely to hit the house with an open door over one with bolted locks on every door, tightly shut windows, and a sign out front that says they have a security system.”
“Two-thirds of people use the same passwords on multiple online accounts. Imagine if a cybercriminal knows that one password and can log into your financial, work, or cloud accounts. It happens every day to millions of people.”
In his current venture with G4YC, Whalley helps companies like CMD Technology Group grow their business. In addition, Growth for Your Company is organizing a cybersecurity conference on Tuesday, Sept. 19 from 8:30 a.m. to 3 p.m. at Twin Hills Country Club in Longmeadow. The idea is to educate local business leaders and IT professionals on evolving cyberthreats and the latest tools to combat them.
Businesses that purchased antivirus software years ago may think they are protected, but Christianson noted that, even if the old software blocks a cyberattack, it can take months to determine the source of the attack and how it gained entry.
“The new software tools can make a huge difference because they will immediately point you in the right direction to find the problem,” he said. “Some will block the threat and move it to a safe server to determine if it needs to be quarantined.”
Two-factor authentication (2FA) — that access code a bank sends by text after the customer inputs a password — has emerged as a strong deterrent against outside attacks. Encouraging safe practices such as a written policy to guide employees on how to act when they are using the company’s system is another key to fighting cyberattacks.
The software tools are only as good, however, as the people using them. Scott Augenbaum is a retired FBI agent and cybercrime-prevention trainer who is scheduled to present at the fall cybersecurity conference. Augenbaum contends that online safety begins with basic practices everyone can follow, starting with passwords.
“Two-thirds of people use the same passwords on multiple online accounts,” he said. “Imagine if a cybercriminal knows that one password and can log into your financial, work, or cloud accounts. It happens every day to millions of people.”
When he retired from the FBI in 2018, Augenbaum said, cybercrime was a $4 trillion problem. Since then, the cost to society has doubled. “The pandemic ruined everyone’s lives except the cybercriminals. So many people were shopping online, working from home, and logging in remotely to our most critical sites.”
In addition to using 2FA, Augenbaum recommends that businesses and individuals identify what he calls “mission-critical accounts,” such as banks, credit cards, and cell-phone accounts, and make sure each password is unique and at least 12 to 15 characters long.
All three cybersecurity experts told BusinessWest no one is too small to be a target for cybercriminals.
“Every one of the victims I’ve worked with felt they didn’t fit the victim profile,” Augenbaum said. “Anyone who thinks they are immune because they are a small business increases their chances of joining the list of small businesses that have been victimized.”
Christianson agreed, and gave an example of someone who owns a pizza shop. “That person might think they are only in the pizza business, so what could happen? Well, they most likely process credit-card transactions, and that’s a gold mine to a cybercriminal.”
He added that it’s important for a business owner to consider what is unique in their environment that makes them vulnerable to a cyberattack. There was a time when insurance for cyberattacks could quickly help a company get back to business but after years of increasing claims, that has changed.
“There is a new landscape for cybersecurity insurance companies,” Whalley said. “Companies are now more stringent on eligibility to get cyberinsurance.”
Before selling a cybersecurity policy, Christianson added, insurers want to know that a business has built several layers of protection into its systems.
“Just like an onion has layers, an effective security system also has layers to make it harder to penetrate a company’s data,” he explained. “If one layer gets defeated, there’s another one right behind it to stop a potential breach.”
The Sept. 19 conference will focus, in large part, on how to create those layers of protection with technology and a more educated human element.
“Along with the technology, we will be encouraging training so everyone understands how to mitigate the risks,” Christianson said. “We all have a role to play in preventing cyberattacks.”