Issue link: https://nebusinessmedia.uberflip.com/i/1175758
wbjournal.com | October 14, 2019 | Worcester Business Journal 15 I N F O R M A T I O N T E C H N O L O G Y F O C U S PHOTO/GRANT WELKER VISIT INTHINKAGENCY.COM/CONSULT TO BOOK YOUR ASSESSMENT NOW! REVENUE YTD: 98% CONVERSION RATE: 537% WEBSITE TRAFFIC: 116% A GUARANTEED RETURN ON YOUR MARKETING INVESTMENT βOR YOUR MONEY BACK! to blame for 80% of hacking-related breaches. But as cyber technology has changed in recent years, so have risks to users. Today, smartphone users can down- load a seemingly never-ending list of free apps, but they're sure to come with disclaimers requiring permission to allow the app to track the user's data, or access contacts or even photos. Websites regularly use cookies, tools tracking the browsing activity of users and making possible advertisements popping up on one website shortly aer a web search moments earlier. Cybersecurity and privacy experts recommend steps including research- ing reviews of apps and not download- ing those seeking access to files they don't need. Web users can choose to use private browsing to keep viewing history from being tracked. More oen, scammers dial phone numbers with what appears to the receiver as a very similar number to their own β a way to try deceiving the person into thinking the caller must be nearby, perhaps a neighbor. As companies and the security departments or firms they work with have increased their defenses, hackers have changed their methods as well. "It is an arms race. We do have an ebb and flow going back and forth," said Craig Shue, a computer science professor at Worcester Polytechnic Institute. "It almost feels like a compet- itive sport at times." Cameron Shilling, a privacy and information security attorney at the New Hampshire law office of McLane Middleton, gives an example how. e well-known customer information breach at Target led to credit card companies installing secure chips scanned in a way that makes data the nearly impossible, he said. at makes such attempts not so worthwhile for hackers. "Credit card the is just not lu- crative," Shilling said in an October meeting of e Communicators Club, a Central Massachusetts group for media professionals. Identity the has become more common, he said, because unlike a credit card, a person can't simply cancel and obtain a new identity. A hacker might not necessarily need to break into a major bank for vital finan- cial information, he said, but could find a weak spot with a small financial planners' office, for example. Municipalities can oen be easy tar- gets as well, Shilling said, because they store lots of personal information, aren't regulated like businesses are, and have very little money to spend on bulking up cyber defenses. Dozens of cases of municipalities large and small being hacked β and sometimes paying a ransom to get their data and security back β have popped in the last few years. Leomin- ster paid $10,000 in cybersecurity ransom in April 2018 aer a cyber attack on its school district. Regulation & enforcement Massachusetts has made cybersecu- rity a higher priority as cyber crime has taken larger financial costs at public entities and businesses. In April, the Gov. Charlie Baker Ad- ministration committed $135 million for a new security operations center for the state's digital assets, for vulner- ability testing of state IT infrastructure and statewide IT systems. Massachusetts is one of a few states in the nation, Shilling said, to have regulations in place on business cy- bersecurity, along with California and New York. e Data Breach Notification Law requires Massachusetts businesses and others owning or licensing personal information of Massachusetts residents to notify the state when they learn of a security breach. ey must also notify consumers whose information may have been compromised. Insurance companies have begun offering cybersecurity coverage, with Worcester's Hanover Insurance Group the latest to do so, announcing its new service in October. Enforcing charges against hackers can be more difficult. Hackers are oen overseas, in Eastern European countries, China or North Korea, where they're far harder for American officials to ever reach, Shilling said. Most fraud cases involve defendants in Nigeria, the Better Busi- ness Bureau said in its report. In September, the Federal Bureau of Investigation said it made 281 arrests in an international business email schemes, recovering roughly $118 million in fraudulent wire transfers. Of those arrests, three-fourths were outside the United States. Shilling and Shue are both optimistic about protective tools available, but they are cautious about how well businesses, other entities and individuals are keeping themselves safe. Shue suggests YubiKey, a small device plugging into a laptop's USB port and, with a tap of a finger or touch against a cellphone, ensures the person logging in is at the location where an account is being accessed. Shilling recommends protection systems FortiClient, LifeLock or Experian. But no protection can work if a business or person doesn't take steps to put measures in place, he said. He is adamant many don't place high enough of a priority on cybersecurity, estimating four out of five don't put information security measures in place. "You don't have to know how to do this," Shilling said. "You just have to find the right people who know how to do this." Dennis Serocki at Worcester construction firm F.W. Madigan regularly reminds employees to be careful with web security. 2016 12,005 $360.5M 2017 15,690 $676.2M 2018 20,373 $1.3B 2019 10,603 $750.3M Note: 2019 is through May Source: Better Business Bureau Email fraud costs Email scams are costing victims larger amount of money, according to a Better Business Bureau report in September, with the organization saying a majority of U.S. cases is still unreported. Number Reported Year of complaints losses Web app attacks 571 Cyber-espionage 289 Privilege misuse 277 Miscellaneous errors 222 Point-of-sale 207 Source: Verizon Media (2017) Cyber breaches Web apps were the most common source of breaches in America in 2016, according to a report by Verizon Media. Type Number of breaches W