Issue link: https://nebusinessmedia.uberflip.com/i/1528357
22 HARTFORDBUSINESS.COM | OCTOBER 28, 2024 FOCUS | CYBERSECURITY Expert's Corner Businesses must stay vigilant to protect against cyberattacks By Justin J. Golden O ctober is national Cybersecu- rity Awareness Month. The Department of Home- land Security instituted this annual event through its Cybersecurity Infrastructure Security Agency (CISA) in 2004. The idea was to foster closer cooperation between the private and public sectors, as well as to create awareness about the importance of cybersecurity. This year's theme is "Secure Our World." The FBI's Internet Crime Complaint Center reported that the greatest cyberattack threat, over 60%, is phishing, which uses electronic means to target businesses, govern- ment and individuals. Bad actors use emails, texts and voicemails to convince users to click on a link, download an attach- ment or provide sensitive informa- tion without first verifying it is a legitimate request. They try to create the appearance that they are a trusted source. They send emails that appear to be from commonly known agencies, organiza- tions and businesses. Many major data breaches have occurred that acquired sensitive and personal information of millions of people, which can result in identity theft. For example, National Public Data (NPD), a nationwide data broker that performs background checks, confirmed in August that it suffered a massive data breach involving social security numbers and other personal information of millions of Americans, according to the USA Today. The bad actor was a prominent hacking organization, USDoD, that hacked NPD's database in December 2023, then leaked that information this spring and summer. So, what can businesses do to better safeguard their data? CISA recommends four ways to stay safe online. • Turn on multi-factor authentication, which requires a password and some other identifiable information before a user can gain access to a system or program. • Use strong passwords or pass- phrases that include upper- and lower-case letters, numerals and special characters, as well as a password manager to create and store these passwords. • Recognize and report phishing attempts. • Update software when prompted on your devices. Resources for businesses Statistics indicate the current cyberthreat landscape needs your attention. BankInfoSecurity reports that over half of small businesses are forced to close their doors within six months of a security breach. ZDNet found that it takes 197 days for most businesses to detect a breach on their network. Fireeye.com said that 77% of cybercrimes target small- to mid-sized organizations. Wombat Security reported that up to 90% of breaches can be avoided with quarterly employee training on cybersecurity awareness. There are free resources available for businesses that want to improve their cybersecurity safeguards. CISA provides guides and data about the current cyber landscape, while the Cyber Readiness Insti- tute is an initiative that convenes business leaders across industries and geographic regions to share resources and knowledge for devel- oping free cybersecurity tools for small- and medium-sized businesses. The bottom line is, businesses must constantly remain vigilant to ensure bad actors aren't figuratively looking over their shoulders. Justin J. Golden is the co-founder and chief operating officer of Water- town IT company Golden Technology Services Inc. to build defenses and being able to build solid ways that you can defend against attacks. At the same time, in the wrong hands, you can use it as a hammer as an offensive weapon." He said companies are using AI to look for weaknesses that hackers could exploit, enabling them to work proactively to address problems before they occur. Another issue, Williams said, is that AI is relatively easy to hijack. By the time students graduate, they have substantial knowledge in cyber engineering and defense strategies, penetration testing, vulnerability management and compliance with cyber-related laws, Leigh said. "As a result, students are very prepared to join the workforce and immediately put hands-to-keyboard and begin adding value," Leigh said. Top concern Businesses consistently list cyber threats as a top concern. The 2024 Travelers Risk Index found that the percentage of companies that have suffered a cyberattack (24%) rose for the eighth time in nine years. The Travelers study also found that a record number of businesses (62%) said they worry "some or a great deal" about cyberattacks. Between August and September 2023, a highly publicized ransomware attack on Prospect Medical Hold- ings crippled the company's three Connecticut hospitals — Manchester Memorial, Waterbury and Rock- ville General — and their affiliated medical offices. The 40-day breach forced two of the hospitals to divert ambulances from their emergency rooms, and prevented the healthcare system from billing Medicaid. Also, many patients had elective procedures canceled, and facilities were unable to perform X-rays and CT scans at times, the CT Mirror reported. In early October, a cyberattack hit the largest water utility in the United States, New Jersey-based American Water. The company was forced to pause billing, suspend customer service and disconnect some of its computers following "unauthorized activity" on its network, according to Reuters. Many of the cyberattacks in the United States stem from gangs of cybercriminals, often stationed abroad, who deploy ransomware that encrypts data and instructs victims to pay a ransom via cryptocurrency in order to regain access. When a business refuses to pay the ransom, the intruders may threaten to sell the stolen data in an auction. Rhysida — a cyber gang that targets the education, government, manufac- turing and technology sectors — took credit for the Prospect Medical inci- dent, according to Axios. The group has also hacked the Chilean Army and Kuwait's Ministry of Health. Cybersecurity Continued from page 21