In coordination with Cybersecurity Awareness Month, APRO recently held a webinar – Essential Cybersecurity Practices: Ensuring Your Business is Safe from Attack. The featured speaker was Mark Kirby, a Cybersecurity Advisor for the Cybersecurity and Infrastructure Security Agency (CISA). A retired Air Force veteran, Kirby is CISA’s Cybersecurity State Coordinator for Arkansas, and works with critical infrastructure owners and operators to minimize information risk and measurably improve cybersecurity.
Kirby explained CISA is the federal government’s newest agency, established in 2018 and charged with a mission to lead the national effort to understand and manage risk for critical infrastructure – calling the agency “the nation’s risk advisor.”
“The ‘new normal’ has forced many organizations, large and small, to move toward a remote working environment,” Kirby began. “We’ve all added new technology to do that. Likewise, we’re continually adding ‘smart’ devices and apps to our technology repertoire. And the amount of information and data we store electronically continues to grow. The more we add to our lives digitally and the more we depend upon it to function, the more vulnerable we are to cybercrime.”
Many threat actors are rather sophisticated; according to CISA’s latest information, the average data breach costs $4.24 million and takes 287 days to identify and contain. But they don’t have to be sophisticated to be destructive.
“Anyone can download hacking software from the internet for free, and can learn how to use the programs through Google or YouTube,” warned Kirby. “All hackers, whether good or bad, use the same tactics and techniques to access your network. Most cybercrimes begin with some sort of malware – software intended to damage, disable, or give unauthorized access to your system.”
As potential entry points of network access, employees can be a company’s greatest strength or its weakest link. Malware can be loaded into a system by someone simply clicking a link in an email or on a sketchy website, or via devices like USB data sticks. To get into business’ system, cyber criminals will search social media, troll the Dark Web, dig for employee data, and send specialized phishing emails – in fact, over 90% of cyberattacks begin with such emails.
“We’re all sharing too much information on the internet,” Kirby asserted. “We’re making it easy for cyber criminals to do reconnaissance and learn all about intended targets. Have you ever gone to a place and they offer a discount for checking in on a social media platform? Don’t do it. Cybersecurity isn’t something just done at work; your own personal data is valuable to hackers, too. They use to it craft email specially designed to appeal to you, and if they get you to click a link, then the battle’s probably over.”
CISA offers many services designed for small and medium businesses, which might have fewer resources dedicated to cybersecurity, as well as a false sense of safety.
“Don’t believe you’re not vulnerable,” said Kirby. “I’ve heard it many times: ‘We’re too small, we’re not important.’ You are important, because maybe someone is learning to hack, and you happen to be an easy target. Or you may not be the direct target, but you may be connected with their actual target.”
Kirby offered several actions companies can take immediately to better prepare against cyber risks, including improved management of software patches and updates – enabling automatic updates; replacing unsupported operating systems, hardware, and applications; and testing and deploying patches quickly.
“Patching vulnerable software, if done consistently, would stop most hackers cold and significantly reduce risk,” Kirby attested. “And management of assets – people, information, technology, and facilities – is essential. You must know what you have, and keep it current, in order to protect it effectively.”
For more information about CISA and how it assists smaller businesses, click here. To receive access to the webinar and its resources for more in-depth preventative actions, please email us at firstname.lastname@example.org.
APRO wants to thank our corporate sponsor for this webinar, APRO Associate Member Centric, which provides technology solutions to meet rent-to-own needs.