Based on data provided by the tech firm HM Government, 60% of small businesses will experience a cyber breach. To make sure owners of small and mid-size businesses don’t end up as another statistic, the U.S. Chamber of Commerce along with the S.C. Chamber of Commerce and SC Cyber hosted a Cybersecurity Summit Tuesday in Columbia to provide tools needed to prevent a breach.
“Risk management is an everyday reality. But through awareness, education, and public-private partnerships, we can turn cyber challenges into opportunities to innovate, create jobs, and grow the economy,” said Ann Beauchesne, senior vice president for National Security and Emergency Preparedness at the U.S. Chamber. “South Carolina is a leader in cybersecurity. The U.S. Chamber will take what we’ve learned from industry leaders in Columbia and throughout the state, and we’ll make sure Washington hears what businesses need to be more secure and resilient.”
In her opening remarks, Beauchesne mapped out the three main threats businesses face when it comes to cybersecurity: ransomware; business e-mail compromise (BEC); and internet of things (IoT).
Ransomware made major headlines last week when the “Wanna Cry Virus” infected more than 200,000 computers globally. Beauchesne said these types of viruses come from not backing up files. “Basically, the bad guys will encrypt your files, not allowing you to access anything until you pay a certain amount.”
Beauchesne said the FBI recommends not paying the hackers, because they are more likely to continue doing it, but she sees where some businesses don’t have a choice.
“Sometimes, it’s a really low threshold, like giving Amazon gift cards, and people are tempted to pay,” Beauchesne said. “But I can understand places like hospitals where they must have their data.”
BEC involves hackers sending e-mails to employees posing as a boss or administrator. Most times they ask the person to wire money or pay a vendor, and immediately that money goes out the door.
“(BEC) is hard, because employees are doing this of their own accord, nobody is strong-arming them to make a payment,” Beauchesne said. “Many times these attacks can be avoided if the person just checks and verifies that the e-mail is legitimate. We caution people to slow down, take your time and be diligent.”
The third most common attack is internet of things, which uses anything you have online as a vector to get to your information. It can also affect software that controls data acquisition such as those at nuclear power plants, dams and other major manufacturing.
It’s estimated that by 2020 as many as 15 billion devices will be connected to the internet, an attack on a manufacturer’s industrial controls system could impact the entire production system.
Beauchesne said IoT is less about the general public, and more for larger companies. She said most companies have known about potential problems and have started going offline.
Eric Goldstein, Branch Chief, Partnerships and Engagement, Office of Cybersecurity and Communications for the U.S. Department of Homeland Security said the key is to know the risks involved when dealing with your business.
“We must remember that cybersecurity risk does not happen in a vacuum,” Goldstein said. “These are people breaking laws and causing damage. We have to think about making it harder for these people to commit crimes. Why might someone want your data? That helps you think about what to protect.”
Speakers offered a few tips to make it tougher for someone to breach computers at small and mid-size businesses:
- Make sure the software your business uses is up to date.
- Have employees rotate passwords every three-to-six months.
- Employee training.
- Creating security protocols.
- Allocating the appropriate budget to fight against cyber attacks.
“When our data is secure, businesses can grow. Cyber security means job security, and South Carolina is leading the way nationally on information security innovation,” said S.C. Chamber of Commerce President and CEO Ted Pitts.