Panel: 90% of cyber attacks are occasioned by human error, and they’re on the rise – NJBIZ

admin on February 22, 2021 Leave a Comment

Last summer, an employee at a New Jersey-based company used a personal USB device to download something off the company system and, without meaning to, injected malware that resulted in a ransomware attack on the whole system.

Perhaps he should have known better: according to Norris McLaughlin cybersecurity law Chair Rebecca Warren, he was the companys head of IT. Ninety percent of cyber attacks are occasioned by human error, Warren said as a panelist on NJBIZ Cybersecurity Panel Discussion on Feb. 16.

Though that statistic hasnt changed, the number of such occasions has. Theres been an exponential increase in phishing and cyber attacks since the onset of the COVID-19 pandemic, Warren said.

The uptick happened almost immediately and has been one of the focuses of the joint federal-state New Jersey COVID-19 Fraud Task Force launched in March 2020. Carbon Black released data in October showing a 238% increase in phishing scams alone, where bad actors send faux work-related emails to people within a company to get them to click on a link that imports malware into the system.

Warren was joined by Chiesa Shahinian & Giantomasi Privacy & Data Security and Corporate Securities Group Member Michelle Schaap, New Jersey Cybersecurity & Communications Integration Cell Director Michael Geraghty, PCH Technologies President and CEO Tim Guim, and Grid32 Cybersecurity President Seth Danberry.

Danberry is a self-proclaimed hackerthe good kind, he assuresand his company Grid32 Cybersecurity will hack into your systems to expose your cyber vulnerabilities. They wont hurt a thing, though.

We give them info on how it happened and how to avoid it, Danberry said. He does so with a pentest, short for penetration test. A pentest an authorized simulated cyberattack on a computer system performed exclusively to evaluate the systems security.

Those who dont take precautions and beef up their security run the risk of falling victim to ransomware, which is exactly what it sounds like: hackers lock a business system and require a ransom to rescind it to the owner once again. According to Carbon Black, a $50,000 minimum asking price is not uncommon, and the average ransom in 2019 was $111,605. But thats not the biggest or baddest: Tech news site BleepingComputer reported that hackers demanded a $10 million ransom from outdoor technology company Garmin after hacking into its systems in August 2020. Though Garmin did not confirm that it paid that ransom, it did confirm with BleepingComputer that it received a decryption key from its hackers to gain control of its system back.

NJBIZ Cybersecurity panel discussion, Feb. 16, 2021. From left: Michael Geraghty, director, New Jersey Cybersecurity & Communications Integration Cell; Michelle Schaap, esquire, Privacy & Data Security and Corporate Securities Group, CSG; Seth Danberry, president, Grid32 Cybersecurity; Rebecca L. Warren, member and chair of Cybersecurity Law Group, Norris McLaughlin; Tim Guim, president/CEO, PCH Technologies. NJBIZ

Though its one way to solve the issuemaybeWarren noted that paying the ransom doesnt guarantee hackers will give a key back to decrypt hacked information, and even if they do, what did they do with the information when they had control of it?

When you pay a ransom, you validate the business model, Geraghty said.

Panelists recommended security measures such as multi-factor authentication, which requires two separate pieces of information to gain access to a system, like a password and zip code. A passphrase can be more secure than a passcode, Danberry suggested; and keeping information on a cloud rather than in on-premise computers adds another layer of protection, according to Guim.

Guim recommended determining which data is most important to your company and building rings of security around it.

The best advice I can give to the audience is if youre a robber and you approach two houses, and you hear a barking dog [at one but not the other], youre going to go to the house without the barking dog, Schaap explained. Be proactive. Dont wait for the whenincidence response planning is critical.

And dont save it on the internet, she said. Because if youre hit with a ransomware attack, you wont have access to it. At CSG, they give out notecards, and have as many as you want, keep it in your glove box, by your desk at home, in your bag. Businesses want their employees to feel free to be candid: if they clicked on something, you want them to tell you. Then you can watch for any attacks, quickly respond, and recover.

Businesses that fall victim to cybercrimes can report them to the Internet Crime Complaint Center. While Schaap says that the feds might not be able to do anything about it, it allows them to compile a database of bad actors. They may be able to identify the bad actor based on how theyve attacked in the past.

See the original post here:
Panel: 90% of cyber attacks are occasioned by human error, and they're on the rise - NJBIZ

Related Posts
Posted in Internet Security

Comments are closed.