Lane Report
2gf1mTz
2gf1mTz
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
COVER STORY<br />
Prioritizing Cybersecurity<br />
Growing sophistication of attacks requires<br />
up-to-date, multipoint defenses and employee training<br />
BY ROBIN ROENKER<br />
DETAILS of cybersecurity<br />
breaches across government,<br />
education and<br />
industry sectors made<br />
headlines – repeatedly –<br />
over the past year, with no signs of slowing<br />
down. Yet despite the frequent<br />
incidence, 66 percent of companies<br />
report they are unprepared for a major<br />
cybersecurity attack, according to a<br />
national survey released in November<br />
by the Ponemon Institute.<br />
Last February, hackers breached the<br />
U.S. Department of Justice’s database,<br />
releasing personal information on 10,000<br />
Department of Homeland security<br />
employees and 20,000 FBI employees.<br />
That same month, the IRS announced<br />
that a 2015 breach compromised the<br />
information of some 700,000 American<br />
taxpayers, while the University of California-Berkeley<br />
revealed a<br />
records breach affecting<br />
80,000 students, alumni<br />
and employees.<br />
In October, Yahoo<br />
reported that a breach<br />
believed to have occurred<br />
in 2014 affected as many as<br />
500 million user accounts<br />
– one of the largest such<br />
breaches to date. On Oct.<br />
21, cyber attackers took<br />
down the internet for a<br />
Scott Logan,<br />
Technical<br />
Director<br />
of Security,<br />
NetGain<br />
Technologies<br />
large swath of the Eastern United States<br />
for most of the day, using a malware virus<br />
known as Mirai that attacks vulnerable<br />
internet-connected devices such as web<br />
cameras, DVRs and routers.<br />
As these high-profile cases make<br />
clear, today’s cyber attackers are highly<br />
sophisticated.<br />
“These attacks just keep happening<br />
over and over again. Businesses are very<br />
anxious, and even fearful,” said Scott<br />
Logan, technical director of security for<br />
NetGain Technologies Inc., Kentucky’s<br />
largest managed IT firm with offices in<br />
Lexington, Louisville and out of state.<br />
“Many of these attacks could not only<br />
force you to lose information, but they<br />
could also ruin your brand. If you’re a<br />
bank and you become breached, how do<br />
you assure your customers that you’re<br />
going to be able to protect their money?”<br />
The bottom line is simple.<br />
“Companies are going to need to<br />
invest in more technology to protect them<br />
from security threats,” said Brendan<br />
Jacobson, co-founder of NetGain Technologies.<br />
“It is just going to get worse.”<br />
It’s not necessarily that<br />
the attack tools are getting<br />
smarter; it’s the manner in<br />
which they are being used.<br />
Malicious players don’t<br />
even have to be highly tech<br />
Cody<br />
Shackelford,<br />
Systems<br />
Engineer,<br />
Data Strategy<br />
savvy, said Cody Shackelford,<br />
systems engineer with<br />
Data Strategy, which<br />
acquired Louisville-based<br />
boice.net this year.<br />
Basic malware or ransomware<br />
packages are readily available on<br />
the black market or dark web, he said.<br />
Attackers today are succeeding by researching<br />
a target company or agency to determine<br />
a weak link – for example, a “socially<br />
engineered” phishing campaign with an<br />
email that looks like it came from and is<br />
written in the style of a regular communication<br />
partner, perhaps even a coworker.<br />
Organizations can achieve very high<br />
levels of protection, though, by employing<br />
multiple levels of defense that<br />
screen all incoming digital traffic, that<br />
restrict anything that does get through<br />
to an individual work station, and especially<br />
that train workers in best practices<br />
for handling data, Shackelford said.<br />
Cybersecurity best practices<br />
Kentucky cybersecurity experts agree:<br />
The worst possible response to the<br />
increasing threat of cyberattack is to<br />
assume you’re not at risk.<br />
“For a long time, small businesses<br />
just didn’t feel like they were a big<br />
enough player to be worried about<br />
threats,” Logan said. “Their mindset<br />
was, ‘I’m not Chase Bank or Anthem<br />
(Blue Cross Blue Shield),’ and they<br />
believed they didn’t have to worry about<br />
THE LANE REPORT • LANEREPORT.COM DECEMBER 2016 21