CYBERCRIME IS ON THE RISE, draining about $500 billion a year from businesses worldwide. In fact, bad actors—both foreign and domestic—make cyberspace one of the most dangerous neighborhoods, and yet security precautions remain inadequate to the risks that we now face.
CYBER THREATS TARGET BUSINESSES
“Companies need to educate their employees about the risks,” says Tyler Cohen Wood, a former senior officer and cyber branch chief for the U.S. Department of Defense’s Defense Intelligence Agency (DIA). She is now cybersecurity advisor for Inspired eLearning, LLC, an IT learning management systems and compliance training company.
“It is critically important for C-level executives to have a good understanding of their organization’s cybersecurity readiness, capabilities and weaknesses and employ a full security awareness training program for all employees at every level,” she says. “Ensuring that you and your workforce know the latest threats and countermeasures will help protect your company from falling victim to the latest hacks.”
“Any business that stores a large volume of personal data is a potential target,” says cybersecurity expert Eric Cole, who was cybersecurity commissioner for President Barack Obama. “The bad guys are ahead because their job is easier—they only have to find a single vulnerability in a system and they’re in.”
The CEO of Reston, Virginia-based Secure Anchor Consulting, Cole is the former chief technology officer of computer security company McAfee, and former chief scientist of aerospace, defense and technology giant Lockheed Martin.
“Companies can reinforce good habits by making the security matrix a Key Performance Indicator that’s part of an employee’s bonus,” explains Cole. “Other firms opt to limit functionality— they don’t allow e-mail attachments, and don’t allow embeddable links— but that can reduce employee effectiveness.”
Cybercrime has become so wide-spread that it may not be possible for any business—large or small—to avoid being a target. A virtual army of hackers and sophisticated crime rings are working around the clock to overcome known protections.
Michael Mullin, president of Integrated Business Systems, offers two recommendations: incorporate a business-class firewall and proper updates; and implement advanced end-point protection.
“Firewalls act as the frontline defense against hackers, blocking everything not specifically allowed to enter or leave a computer network,” says Mullin. “Like systems and applications, firewalls need ongoing monitoring and regular updates as part of a company’s routine IT maintenance.”
End points are personal computers, network servers and other devices connected to the Internet.
“When they are exposed, systems and data become vulnerable,” explains Mullin. “Unlike traditional anti-virus solutions, advanced end-point protection platforms do not require prior knowledge of an attack to detect and remediate it. They apply machine learning and artificial intelligence to continuously outflank attackers. As such, they are even ready to stop threats that do not yet exist.”
NJIT/WOZ U: CYBERSECURITY CONTINUING EDUCATION
On May 30, 2018, technology-based education start-up Woz U announced a partnership with NJIT that will enable the university to offer Woz U’s refined Cyber Security and Software Developer programs to companies, so they can upskill their workforces and remain up-to-date with the latest computer programs, practices and procedures.
“Our agreement with Woz U will expand our capabilities in the area of workforce development within the critical sector of cybersecurity,” explains NJIT President Dr. Joel S. Bloom.
The agreement brings software and cyber security training to corporations with online courses that provide a mentored, immersive and project-based experience. The partnership emboldens NJIT to directly address the challenges companies face to remain current in the latest technology advances.
NJIT now can facilitate tailored programs with Woz U’s curricula to equip individuals with the resources needed to prepare for innovative technology initiatives at their company. The collaboration will prepare company’s staffers to grow into technology leaders in their organization and cultivate a more in-depth, tech-minded workforce as businesses enter the next era of computing.
“Our partnership with Woz U emphasizes the importance for business to formulate an offering that encourages their personnel to expand their knowledge and remain current with the newest advancements in the tech industry.” says Dr. Gale Tenen Spak, associate vice president, Continuing Professional Education for NJIT.
DIGITAL HUB CYBERSECURITY’S MOU WITH NJIT
On the third day of his October 2018 economic mission to Germany, New Jersey Governor Phil Murphy toured Digital Hub Cybersecurity’s physical lab system in Darmstadt. Digital Hub Cybersecurity is Germany’s leading innovation community of cybersecurity start-ups, founders, coders, investors and scientists.
During the visit, Governor Murphy was a witness to the signing of a Memorandum of Understanding (MOU) between Digital Hub Cybersecurity and the New Jersey Institute of Technology (NJIT). Under the MOU, the two entities will facilitate joint research, exchange information, and make experts available for joint projects.
In his remarks during the signing, and at the subsequent business roundtable, the governor cited Cybersecurity Ventures, which predicts global cybersecurity spending will exceed $1 trillion from 2017 to 2021, and noted, “With attacks on our critical national and international infrastructure sparking regular headlines, the need for the protections offered by cybersecurity firms are exponentially on the rise.”
U.S. NATIONAL DEFENSE
Cybersecurity is also a national defense issue, as the U.S. Department of Defense (DoD) has explained in its unclassified DoD Cyber Strategy and Cyber Posture Review. The document calls for using cyberspace to amplify military lethality and effectiveness; defending forward, confronting threats before they reach U.S. networks; proactively engaging in the day-to-day area of power competition in cyberspace; protecting military advantage and national prosperity; recognizing partnerships are key to shared success in protecting cyberspace; actively contesting the exfiltration of sensitive DoD information; embracing technology, automation and innovation to act at scale and speed; supporting the defense of critical infrastructure; and recruiting, developing and managing critical cyber talent.
DoD’s long-term objectives for cyberspace include ensuring the Joint Force can achieve its missions in a contested cyberspace domain; enhancing Joint Force military advantages through the integration of cyber capabilities into planning and operations; deter-ring, preempting, or defeating malicious cyber activity targeting U.S. critical infrastructure that is likely to cause a significant cyber incident; securing DoD information and systems, including on non- DoD-owned networks, against cyber espionage and malicious cyber activity; and expanding DoD cyber cooperation with allies, partners and private-sector entities.
CYBERSECURITY BEST PRACTICES CONFERENCE
At a recent panel session hosted by Chubb Cyber, cybersecurity experts gathered to discuss real-life cybercrime examples and anecdotes. They also offered some best practices that individuals and businesses can take to safeguard their personal information against some of today’s biggest cyber risks. Chubb Cyber offers underwriting and expert third-party incident response services for companies faced with cyber incidents.
The panel—led by Chubb Cyber Senior Vice President, Cyber and Technology Product Lead in North America Patrick Thielen—included experts from ADT, Carnegie Mellon University and CyberScout:
- Technical Director of Cybersecurity Risk and Resilience at Carnegie Mellon University, Summer Craze Fowler, where she is responsible for a team and portfolio of work focused on improving the security and resilience of the nation’s critical infrastructure and assets.
- ADT Cybersecurity Vice President Michael Keen, who is leveraging ADT’s long-held knowledge and experience in security and 24/7 monitoring to better protect customers against cyberattacks.
- CyberScout Chairman and Founder Adam Levin, author of the critically acclaimed book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.
“Global economic costs of cybercrime are rising into the trillions of dollars annually,” said Thielen. “A large portion of that falls squarely on the shoulders of consumers.”
According to industry data, there have been more than 8,000 reported data breaches of businesses in which more than 10 billion consumer records have been compromised since 2005. In addition, 64 percent of American adults have been victimized by one or more of these breaches.
Those stats further underscore the vulnerability of our society. According to the recent 2018 Chubb Cyber Risk Survey, 86 percent of respondents reported being concerned about cyber incidents, but most underestimated or were unaware of the most common cyber threats—and very few were taking basic precautions to mitigate cyber risk.
“As consumers, we weren’t prepared for it, didn’t ask for it, didn’t want it, but we have it,” said Levin, speaking of cybersecurity issues. “As a result, it is incumbent upon all of us to work together, for businesses and government to help educate consumers, for consumers to educate ourselves and to be willing to take the extra steps.”
“The cybersecurity industry is evolv-ing and maturing,” explained Fowler. “When we buy a car, we know that it has airbags and anti-lock brakes; when we buy a lamp and plug it into the wall, we know that it’s not going to catch on fire. It is time for individuals, companies and the government to establish best practices, so that when we buy something that connects to the Internet, we know it has certain cyber protections.”
Keen noted that, according to AV-TEST, more than 350,000 strands of malware are created every single day.
“The point of emphasis here and the reason why there’s so much cybercrime is because it’s easy and because it pays. If you are not evolving at an equal pace, you’re continuing to be left at risk.”
The proliferation of Internet of Things (IoT) devices also adds a new layer of threat to privacy and data protection. “What we know about cyber criminals is they’ll always take the path of least resistance,” said Keen. “What we’re seeing is the vulnerability of your network is really the strength of the weakest device on your network.”
And there is a huge financial impact. Fowler points to data from the Identity Theft Research Center: over the past year, 26 percent of people who were impacted by a breach had to borrow money from a relative or friend; 22 percent had to take time off of work; 15 percent had to sell some possessions in order to pay back losses; and 7 percent of people actually took out a payday loan.
The panel shared cost-effective ways to help prevent cyber risks and what people can do to protect themselves, their families and their employees. “We boil it down to three M’s— minimize, monitor and manage,” said Levin.
“It is about minimizing your risk of exposure through adopting best practices, monitoring your accounts effectively and comprehensively, and managing any damage, such as ID theft or stolen accounts that might occur.”
Other ways people and businesses can protect themselves, include educate yourself and discuss cyber safety with your family on a regular basis; assess the validity of links, attachments, texts and phone calls prior to interacting with them or divulging information; ensure good password hygiene: use long, strong passwords or passphrases, and do not use the same passwords across multiple platforms.
Consider using password software to help with these actions; enable two-factor authentication (where available); stay away from public WiFi if you are involved in sensitive transactions; and when you do use public WiFi, do so via a Virtual Private Network.
Enable the security features built into your network router, such as updating the default passwords and setting up a guest WiFi for people visiting your home; use security software (e.g. antivirus, firewall), and always install security patches and firmware updates; back up important files to an offline device, such as a thumb drive or external hard drive; and be mindful of your credit score, and ideally monitor and manage the credit of yourself and your family.
Thielen added, “Cyber insurance for business has existed for about 20 years now. There are several products in the market that offer cyber protection to individuals that cover a range of exposures, including financial fraud, extortion, ransomware, as well as a variety of victimization types of coverage, such as privacy breaches, cyberbullying and even cyber disruption.”