ACCORDING TO New Jersey State Police Superintendent Col. Rick Fuentes, “The greatest threat to businesses is a cyber attack. Larger businesses have the finances and infrastructure to better protect themselves from these threats. Small- and medium-sized companies are more vulnerable.”
Last year, the healthcare sector accounted for roughly 40 percent of reported data breaches in the United States, according to the Identity Theft Resource Center. In February 2015, the second largest U.S. health insurer, Anthem, revealed that the personal information of nearly 80 million customers and employees was compromised in a cyber attack. The following month, Premera Blue Cross reported a breach of 11 million customers’ financial and medical records.
Cyber security firms report that stolen health data can sell for $20 to $50 per record in online black markets.
“Security of systems and data is a huge problem facing businesses today, and it’s not trivial,” explains CIANJ Board Member and Technology for Business Committee Chair Joseph Imperato Jr., partner, XSolutions Consulting Services LLC. “The problem is compounded because cyber attacks on businesses can come from many different sources, including ransomware and malware, targeted hacking, low-tech theft of machines and high-tech theft of data.”
What are the risks? How are the bad guys gaining access?
“A surprisingly large amount of attacks originate by attacking the weakest part of the equation, people, through what is called social engineering or tricking people to click on links or open attachments or even giving out their password,” adds Imperato. “Larger companies have more resources to combat these threats, but are still susceptible and smaller companies are even more at risk because their infrastructure usually isn’t as robust or managed properly.”
How can companies protect their computer systems?
“Companies need to educate their users on the systems they use and the risks associated with using them,” says Imperato. “For example, most users do not understand the reasoning behind complex password requirements. So what do they do? They write it down on a sticky note or store it on a text file on their desktop. Users are on the frontline opening e-mails, clicking links, using secured and confidential systems. They need to be let in on the problem so they can act as a line of defense and also a warning system to alert IT of potential issues. You never want to hear that your employee clicked a malicious link, but was scared to report it.”
How bad is the problem?
Experts say a single cyber breach can cost a company as much as $5.8 million on average, and more than 400,000 jobs are lost each year due to these losses.
“Cyber security is not just a national issue—it’s a local one that demands shared responsibility, collaboration, and constant vigilance across industries and sectors, especially in a digitally dense state like New Jersey,” says New Jersey Governor Chris Christie. “Our interconnectivity is one of our state’s strengths, but it’s also increasingly a threat for those who would seek to disrupt or harm people in our state.”
In early 2015, Governor Christie issued Executive Order 178 creating the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), comprised of members of the New Jersey State Police, Office of Homeland Security and Preparedness, and the Office of Information and Technology. The NJCCIC is responsible for sharing cyber threat information with federal, state and local entities, and private businesses.
“We encourage businesses to collaborate with the NJCCIC,” explains Col. Fuentes. “It’s available to any company at no cost, and participating businesses can be updated on the latest trends and threats to their computer systems.”
Tyler Cohen Wood, a former Defense Intelligence Agency senior intelligence officer and Cyber Deputy Division Chief, and the current Cyber Security Advisor to Inspired eLearning, a leading eLearning provider, gives her professional insight into the threats to look out for in 2016:
Transportation—“Hackers can gain wireless control of thousands of vehicles, and can control any function of the cars wirelessly—including killing the accelerator. Planes and trains are also at a risk for attack since planes operate on wireless networks and signal switches run train systems.”
Medical Devices—“Hospital equipment, including imaging and patient files, and personal medication dispensers have already seen hacks.” Hackers could gain access to pacemakers or insulin pumps, with potentially fatal consequences.
Internet of Things Systems—“From FitBits to Smart TVs to smart alarms, the Internet of Things includes anything that connects wirelessly to a home or corporate network. If you use a Smart TV at work, your corporation is opening its doors to hackers.”
“There are a lot of scary cyber threats out there, but by following IT best practices, businesses of all sizes can reduce the risk significantly,” explains Imperato.