Losses from cyber-attacks will cost the world over $6 trillion annually by 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures. Attacks and threats are increasing each month. Cybercriminals are never idle, continually dreaming up new ways to attack our facility networks to steal data or money.
In February 2019, there were nearly 700,000,000 records breached and 30,000 records stolen per minute, according to IT Governance. In one case alone, 127,000 personal data records were put up for sale on the Dark Web. Hospital medical records are being ransomed, bank account information deleted, and medical MRI records altered to show tumors on x-rays or MRI scans or removed from the file entirely. Government sites have been attacked, revealing federal law enforcement officers’ personal data and putting them and their families at risk. Phishing attacks are up over 60% in 2019 compared with 2018. There are massive attacks on financial institutions and the new cryptocurrency exchanges and platforms.
These threats must be addressed, especially as attacks expand beyond typical cracking, ransomware, phishing or social engineering, DDoS attacks and cross-site scripting.
It is critical to follow best practices and take precautions to establish a well-functioning cybersecurity plan. There are many facets to a good cybersecurity plan. You must address employee training and education to ensure that the people with access to your network understand the threats facing the organization and their responsibilities, as part of your corporate team, for reducing known threats. You should understand how to use VPNs and the differences between the various types available, as well as their limitations for your various work-related devices, including employees’ and executives’ personal devices.
New security software is available that has the ability to restrict many of the security issues before they can negatively impact your network. It is critical that you understand the differences in the various software so that you can choose the products that match your specific facility risk profile.
You should also address low-hanging fruit, such as commonly known vulnerabilities in off-the-shelf products and software. For example, 30 percent of WordPress webpages have been breached using hacking tools available for free on the dark web. It is imperative that you understand and use the correct web application firewall software as well as real-time malware scanning tools.
In addition to understanding the multiple methods of attack, types of virus or malware, and web security software and procedures, it is also necessary that you understand and have a comprehensive restoration plan to restore your facility’s critical network after an attack. No amount of money that you spend establishing your web security will come close to what you will spend to repair a breach and restore the lost data or the damage to networks that were attacked due to inadequate network security.
Global Security Exchange (GSX) is the source to learn about all of these emerging technologies and challenges within the security space. The concentration of subject matter experts on everything from cybersecurity to personnel management means that you will have the opportunity to be exposed to what is next in the industry regardless of where you are in your security career. The sheer size of the trade show floor and the volume and variation of speakers matched with the latest in emerging technology means that you will experience innovation from multiple vantage points.
Want to learn more about emerging cybersecurity threats and strategies? Please join us at GSX Chicago for our session on Critical Cyber Threats to your Facility in 2020, which will address the current and predicted risk to your facility network with a team of award-winning international experts in cybersecurity: Werner Preining, Ron Lander and Keith Flannigan. Register for GSX 2019.
Keith Flannigan
Keith Flannigan, Ph.D., CMAS, is the executive director of a crisis management agency specializing in counterterrorism, communication, and information security. He has conducted 119 international hostage recovery operations and designs security and response programs for clients with known security risks. With more than 40 years of experience in the law enforcement and intelligence fields, Flannigan has written and instructed in law enforcement curriculums dealing with technical surveillance; crisis, cyber, terrorist, and biochemical incidents; financial crimes; and physical security for the county and state academies and the Federal Law Enforcement Training Center. He serves ASIS as chair of the Information Technology Service Council. He has also been a Regional Vice President, a Chapter Chair, and a member of the ASIS Critical Infrastructure Working Group. He sits on the board of the International Society for Anti-Terrorism Professionals and on the Anti-Terrorism Accreditation Board.