Local cybersecurity panel says awareness, communication are key
JOE GARDYASZ Aug 12, 2015 | 8:15 pm
On the heels of Tuesday’s news that five U.S. traders were arrested in a $100 million international scheme to sell corporate data stolen by Ukrainian hackers, Holmes Murphy & Associates hosted a breakfast discussion on steps that Greater Des Moines businesses can take to keep their data safe.
Panelists at the event included Iowa Insurance Commissioner Nick Gerhart, with Andy Neller, information security manager for Wellmark Blue Cross and Blue Shield; Mike Nell, vice president of technology with CDS Global; and Lt. Col. Jim White, chief information officer for the Iowa National Guard.
The risks are very prevalent, and often a breach may be inevitable regardless of the level of precautions taken, the panelists noted. Though that doesn’t negate the need for caution and vigilance, it also demands that companies plan for how to respond to breaches when they do happen, particularly in how customers will be notified and treated, they said.
“If you have a larger employee base, things are going to happen; people are going to click the wrong button,” Nell said.
“From our perspective, it’s really about how companies are going to treat their consumers who are affected,” Gerhart said.
Raising awareness of the dangers to the average business owner is probably one of the most important actions that must take place, Wellmark’s Neller said. “Where I’m concerned is that I don’t think people realize the sheer volume of attacks we see on a day-to-day basis,” he said.
Holmes Murphy prefaced the seminar with a clip from a TED video featuring remarks by James Lyne, global head of security research for Sophos, one of the world’s largest security companies. Lyne estimates that 30,000 websites are hacked daily and that about 80 percent of those websites belong to small businesses. Compromised websites are now the primary way that hackers infiltrate companies and use or steal their data, according to Lyne.
Gerhart said the Iowa Insurance Division is more closely scrutinizing cyber risk among the 240 insurance companies it regulates. He emphasized that the companies’ boards need to be engaged in the cyber risk assessment process and to understand the key assets they’re protecting and what’s at risk. They also need to notify the appropriate government agency if there is a breach to access the forensic capabilities available, he said.
From the Guard’s perspective, a large-scale cyberattack against key infrastructure in the state, such as an electric utility or water system, is the greatest threat, White said.
Neller said that familiarity with what’s normal for a corporate system provides a company a “home field advantage” by allowing users to detect unusual activity early. Smaller businesses and individual users should also pay attention to the basic “blocking and tackling” of updating security programs.
“As a small business, you need to accept (that security) is going to be a cost of doing business,” Neller said. “There’s going to be an investment, but it’s a required part of doing business.”
Gerhart emphasized that if a company does experience a breach, it should communicate with the appropriate state or federal office to seek forensic assistance in nailing down the breach.
For businesses that haven’t taken cybersecurity under serious consideration, a starting point is to conduct a cyber risk assessment, Nell said.
Holmes Murphy provides a free information security self-test on its website.