Tak­ing steps to pre­vent data breaches

As the crime spreads, com­pa­nies and their em­ploy­ees must take steps if they don’t want to be­come vic­tims

Daily Local News (West Chester, PA) - - FRONT PAGE - By Brian McCul­lough bm­c­cul­lough@21st-cen­tu­ry­media.com @wc­dai­ly­lo­cal on Twit­ter

EAST WHITE­LAND » After a pres­i­den­tial cam­paign in which leaked emails and al­le­ga­tions of Rus­sian hack­ing pre­vailed, busi­nesses in Chester County and the re­gion were re­minded last week of the im­por­tance of cy­ber­se­cu­rity.

For busi­nesses, con­cerns are more in line with the kinds of credit card breaches that oc­curred at Tar­get and the take down of so­cial me­dia sites in re­cent years.

“There’s al­ways vul­ner­a­bil­i­ties and smart peo­ple out there who want to (take ad­van­tage) of those vul­ner­a­bil­i­ties,” Rob John­son, chief ar­chi­tect of the Stealth Pro­gram at Blue Bell-based Unisys, said dur­ing his talk at Tech360, a full­day sym­po­sium on data se­cu­rity held Fri­day at Penn State Great Val­ley.

Cy­ber­se­cu­rity should be like an onion, John­son said, with lay­ers un­der­neath the outer layer pro­tect­ing data.

Mal­ware, he said, typ­i­cally waits – some­times for years – to be ac­ti­vated. And while com­pa­nies must in­vest in the best se­cu­rity sys­tems avail­able for their data, it may not be enough to pre­vent a breach. Why? “Be­cause smart peo­ple do dumb things,” he said.

John­son pointed to at­tacks that took down an Ira­nian ura­nium pro­cess­ing plant. Ac­cord­ing to some ac­counts, that virus was in­tro­duced by a worker there who found a thumb drive in the park­ing

“To­day it’s not just the IT man­ager who is af­fected by data se­cu­rity – it’s creeped into just about ev­ery facet of busi­ness.” – Leah Fox, ex­ec­u­tive vice pres­i­dent of tech­nol­ogy and ser­vices de­liv­ery for LoanLog­ics

lot and put it into a com­puter there.

Last year, Tar­get Corp. agreed to pay about $39 mil­lion to banks and credit unions to re­solve losses from a 2013 hol­i­day-sea­son data breach. Lawyers for the banks ar­gued the re­tailer failed to take pre­cau­tions to pro­tect the cus­tomer data.

In that case, the virus was in­tro­duced through the home com­puter of a Tar­get HVAC con­trac­tor, John­son said. Once it was in­tro­duced into Tar­get’s sys­tem, it sent mes­sages to Eastern Euro­pean hack­ers and waited for a trig­ger.

Iron­i­cally, Tar­get had just pur­chased the se­cu­rity sys­tems to com­bat such a hack.

“But it’s Black Fri­day and they de­cided they can’t take down the point of sales sys­tems,” John­son re­lated. “Smart peo­ple do dumb things.”

The size of the threat is get­ting big­ger all the time as more of the things we buy are hooked into the in­ter­net. Re­cently, a home DVR is be­lieved to be the source of an at­tack that took down the in­ter­net.

“Light bulbs, home ther­mostats, DVRs, home routers can be in­fected re­ally, re­ally eas­ily,” John­son noted.

And the stakes are get­ting higher as hack­ers are em­bold­ened by their abil­i­ties to breach sys­tems.

“It could lead to po­ten­tially cat­a­strophic events,” John­son said, point­ing to the ram­i­fi­ca­tions of power grids be­ing taken off­line. “Or imag­ine if it in­fected all of the in­sulin pumps in a hos­pi­tal ... I hope I’ve scared you be­cause I’ve scared my­self.”

While com­pa­nies like Tar­get can ab­sorb the losses from a data breach, the sit­u­a­tion can be fa­tal for small and medi­um­sized com­pa­nies, noted Austin Mor­ris Jr. of Mor­ris Risk Man­age­ment in Hunt­ing­don Val­ley.

Mor­ris said 60 per­cent of small busi­nesses that are vic­tims of cy­ber­at­tacks who don’t have cy­ber insurance go out of busi­ness six months after an at­tack.

Ex­perts at the con­fer­ence said it is im­por­tant that ev­ery­body within an or­ga­ni­za­tion re­al­ize they have a role in prevent­ing data breaches. For com­pa­nies, Mor­ris gave the fol­low­ing ad­vice:

• Know what data and in­for­ma­tion em­ploy­ees have about the com­puter sys­tems.

• Train and ed­u­cate ev­ery­body about cy­ber­se­cu­rity. Make it part of the cor­po­rate cul­ture that’s reg­u­larly ad­dressed.

• En­crypt sen­si­tive in­for­ma­tion.

• Have cy­ber li­a­bil­ity insurance.

• Test sys­tems to un­der­stand their vul­ner­a­bil­i­ties.

For in­di­vid­u­als, all of the ex­perts at the con­fer­ence spoke of the need for bet­ter pass­words. Mor­ris sug­gested peo­ple take the first let­ter of the first few words of a song they like and comb­ing it with a ran­dom num­ber that means some­thing only to them.

Never re­use pass­words, the ex­perts em­pha­sized.

The Chester County Eco­nomic Devel­op­ment Coun­cil pre­sented Tech360 in col­lab­o­ra­tion with its pro­grams Ideas x In­no­va­tion Net­work(i2n) as well as In­no­va­tive Tech­nol­ogy Ac­tion Group, or ITAG. The event was spon­sored by New Hori­zons Com­puter Learn­ing Cen­ters and VISTA.To­day.

In ad­di­tion to the ses­sions on cy­ber­se­cu­rity, pre­sen­ta­tions were made on Big Data, Ag­ile Devel­op­ment, Ro­bot­ics, Women in Tech­nol­ogy, and Hir­ing Tech Tal­ent. An In­no­va­tion Show­case also was held dur­ing the event.

“Tech360 is rel­e­vant for so many com­pa­nies that de­pend on se­cure and ac­cu­rate data. To­day it’s not just the IT man­ager who is af­fected by data se­cu­rity – it’s creeped into just about ev­ery facet of busi­ness,” noted Leah Fox, ex­ec­u­tive vice pres­i­dent of tech­nol­ogy and ser­vices de­liv­ery for LoanLog­ics.

Fox mod­er­ated a Tech Lead­er­ship Panel at Tech360 and was a par­tic­i­pant on the Women in Tech­nol­ogy Panel.

“Com­pa­nies and con­sumers rely on se­cure tech­nol­ogy for such a wide va­ri­ety of ap­pli­ca­tions across many dig­i­tal plat­forms in­clud­ing au­to­ma­tion, por­tals, dash­boards, e-com­merce, so­cial me­dia,” she said. “No one can af­ford a breach.” To con­tact Busi­ness Edi­tor Brian McCul­lough, call 610-235-2655 or send an email to bm­c­cul­lough@dai­ly­lo­cal.com.

PETE BAN­NAN — DIG­I­TAL FIRST ME­DIA

While com­pa­nies like Tar­get can ab­sorb the losses from a data breach, the sit­u­a­tion can be fa­tal for small and medium-sized com­pa­nies, noted Austin Mor­ris Jr. of Mor­ris Risk Man­age­ment in Hunt­ing­don Val­ley, speak­ing dur­ing Tech360, a full-day sym­po­sium on data se­cu­rity held Fri­day at Penn State Great Val­ley.

PETE BAN­NAN — DIG­I­TAL FIRST ME­DIA

Staff and at­ten­dees lis­ten to speak­ers dur­ing Tech360. In ad­di­tion to ses­sions on cy­ber­se­cu­rity, pre­sen­ta­tions were made on Big Data, Ag­ile Devel­op­ment, Ro­bot­ics, Women in Tech­nol­ogy, and Hir­ing Tech Tal­ent. An In­no­va­tion Show­case also was held dur­ing the event.

PETE BAN­NAN — DIG­I­TAL FIRST ME­DIA

Jef­frey Lip­son, ex­ec­u­tive direc­tor of Layer 8 Se­cu­rity, speaks at Tech360, a full-day sym­po­sium on data se­cu­rity held Fri­day at Penn State Great Val­ley. Also speak­ing on the panel was Shawn Melito, man­age­ment con­sul­tant at NPC, cen­ter, and Dave Whip­ple, right, chief in­for­ma­tion of­fi­cer at Ap­ple Leisure Group.

PETE BAN­NAN — DIG­I­TAL FIRST ME­DIA

Rob John­son, chief ar­chi­tect of the Stealth Pro­gram at Blue Bell-based Unisys, speaks dur­ing Tech360, a full­day sym­po­sium on data se­cu­rity held Fri­day at Penn State Great Val­ley. Cy­ber­se­cu­rity should be like an onion, John­son said, with lay­ers un­der­neath the outer layer pro­tect­ing data.

PETE BAN­NAN — DIG­I­TAL FIRST ME­DIA

Hitesh Up­pal, tech­ni­cal pro­gram man­ager at NIIT Tech­nolo­gies, speaks about ro­bots and au­to­ma­tion at Tech360.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.