Cy­ber­se­cu­rity a grow­ing field as crim­i­nals get cre­ative

The Norwalk Hour - - BUSINESS - By Chris Bosak

Whether their tar­get is a cus­tomer at a gas sta­tion, a re­tail chain, a large cor­po­ra­tion or even a ma­jor credit bu­reau, cy­ber­crim­i­nals are hard at work steal­ing money and in­for­ma­tion.

Cy­ber­crim­i­nals will steal more than $1.5 tril­lion in 2018 with the most suc­cess­ful thieves earn­ing up­wards of $2 mil­lion. Com­bat­ting th­ese cy­ber­crimes has be­come big busi­ness, as well, with global spend­ing on cy­ber­se­cu­rity prod­ucts and ser­vices top­ping $1 tril­lion over the next five years, ac­cord­ing to the re­search firm Cy­ber­se­cu­rity Ven­tures.

“The cy­ber­crim­i­nal in­dus­try is mas­sive,” Doug Kur­ing, a fi­nan­cial plan­ner with Reby Ad­vi­sors in Dan­bury, said. “It’s in the tril­lions of dol­lars. It’s scarier than ever, but there are things you can do to min­i­mize your risk.”

Bob Reby, founder of Reby Ad­vi­sors, said the threat has be­come so great that his firm has added cy­ber­se­cu­rity as the 16th met­ric to its Life­style Sus­tain­abil­ity Score­card, which grades a client’s over­all fi­nan­cial health.

“We added that com­po­nent be­cause we saw things like credit freezes that are steps you can take to pro­tect your­self. We used to not score it at all. Most fi­nan­cial plan­ners still don’t,” he said. “We do a lot of work on coach­ing peo­ple on cy­ber­se­cu­rity and how to con­duct them­selves at home.”

Owl Cy­ber De­fense, based in Ridgefield, counts among its clients de­fense, in­tel­li­gence and gov­ern­men­tal agen­cies, as well as util­ity and com­mer­cial com­pa­nies. It spe­cial­izes in data diode tech­nol­ogy, which cre­ates a oneway path for in­for­ma­tion and data to flow.

“They (cy­ber­crim­i­nals) can’t hack the box be­cause the data can’t go in the other di­rec­tion,” Scott Cole­man, di­rec­tor of mar­ket­ing and prod­uct man­age­ment at Owl Cy­ber De­fense, said. “It’s a par­a­digm change. In­stead of peo­ple reach­ing in, you push in­for­ma­tion out to whom you want to see it.”

Cole­man said fire­walls and sim­i­lar pro­tec­tive mea­sures are ef­fec­tive to a point but can be by­passed, and it’s of­ten too late by the time they rec­og­nize a threat.

Data diodes are highly con­trolled hard­ware that iso­late and pro­tect net­works from ex­ter­nal sources. The user se­lects only the in­for­ma­tion it wants to flow to a spe­cific re­cip­i­ent.

Cole­man said the Equifax data breach could have been mit­i­gated by the credit bu­reau if it had seg­ment­ing the in­for­ma­tion it stored and shared. The 2017 Equifax data breach ex­posed the per­sonal in­for­ma­tion of 143 mil­lion U.S. res­i­dents.

To mark Oc­to­ber as Na­tional Cy­ber­se­cu­rity Aware­ness Month, Cole­man will lead a lec­ture about data diode hard­ware from 6 to 7 p.m. on Thurs­day, Oct. 18, at Sa­cred Heart Uni­ver­sity. The talk is open to the pub­lic. This spring, the com­pany plans to hold a “Data Diode Day” at SHU.

Owl Cy­ber De­fense em­ploys about 85 peo­ple and is grow­ing to the point that the com­pany will move its head­quar­ters to a larger build­ing in Dan­bury by the end of the year.

“We’re in an ag­gres­sive growth strat­egy now,” Cole­man said.

Kur­ing said fi­nan­cial plan­ners at Reby Ad­vi­sors sug­gest their clients do three main things to pro­tect them­selves from cy­ber­crimes: im­ple­ment credit freezes, in­vest in credit mon­i­tor­ing ser­vices and ed­u­cate them­selves.

Freez­ing your credit with the three ma­jor credit bu­reaus — Equifax, Tran­sUnion and Ex­pe­rian — is a crit­i­cal step in pro­tect­ing per­sonal in­for­ma­tion, Kur­ing said. Both par­ents as well as grand­par­ents should freeze their credit, as cy­ber­crim­i­nals also tar­get the iden­tity of chil­dren and grand­chil­dren.

It can be in­con­ve­nient if a ma­jor in­vest­ment — such as a house, car or boat — is on the hori­zon be­cause the freeze would have to be lifted and reim­ple­mented, but it’s worth the ef­fort, Kur­ing said.

“If they can’t see your ac­count, thieves can’t ac­cess or spend your money,” he said.

Hir­ing a pro­fes­sional cred­it­mon­i­tor­ing ser­vice is an “af­ford­able way to build more se­cu­rity. Get at least the ba­sic pack­age,” Kur­ing sug­gested.

The Reby Ad­vi­sors web­site now in­cludes a sec­tion on cy­ber­se­cu­rity that in­cludes a Pow­erPoint pre­sen­ta­tion, blog posts and a check­list for pre­vent­ing fraud. The check­list in­cludes tips such as: be aware of sus­pi­cious phone calls and emails; don’t open email at­tach­ments from un­known sources; don’t use per­sonal in­for­ma­tion in pass­words; keep com­put­ers up­dated with an­tivirus and anti-spy­ware tech­nol­ogy; turn off Blue­tooth when not be­ing used; and limit shar­ing of per­sonal in­for­ma­tion on so­cial me­dia.

“No en­ter­prise or in­di­vid­ual can fully pro­tect them­selves,” Kur­ing said. “It’s about be­ing ed­u­cated, hav­ing an aware­ness. Don’t fall into their traps.”

Reby Ad­vi­sors will hold a cy­ber­se­cu­rity event fea­tur­ing au­thor Adam K. Levin, who re­cently pub­lished “Swiped: How to Pro­tect Your In­vest­ments, Credit and Iden­tity in a World Full of Scam­mers, Phish­ers and Cy­ber Thieves.”

The talk will in­clude Levin’s “three M’s” of cy­ber­crime pro­tec­tion: min­i­mize (risk); mon­i­tor and man­age. It will be held on Nov. 1 at Ridge­wood County Club in Dan­bury.

Chris Bosak / Hearst Con­necti­cut Me­dia

Scott Cole­men, di­rec­tor of mar­ket­ing and prod­uct man­age­ment at Owl Cy­ber De­fense, in a server room at his com­pany’s of­fice in Ridgefield.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.