YOUNGSTOWN, Ohio – Cybersecurity breaches can affect all companies, regardless of their size.
At a panel discussion Nov. 2, five industry experts discussed the threats facing companies as well as possible solutions.
The event took place at The Grand Resort in Howland. It was presented by Executive Computer Management Solutions Inc. (ECMSI), based in Struthers. Sponsors for the event included Pax8, Executive Web Management LLC, Allworx Co. and Cynet.
The panelists were Lacy Rex, cyberstrategy leader at Oswald Companies; Dave Galioto, service manager at ECMSI; Ralph Blanco, CEO and owner of ECMSI; Bryson DeWitty, account executive at Pax8; and Greg Bennet Sr. security solutions engineer at Cynet.
Oswald Companies’ Rex laid the groundwork for the panelists by shedding light on the importance of cyber insurance.
Ransom incidents typically last an average of 24 days, she said, and cost small and medium businesses an average of $170,000 and large companies $15.4 million.
For this reason, Rex said it’s essential to make sure an incident response plan is in place and insurance renewals are kept current.
One of the most critical ways to protect your company is multifactor authentication, Rex said.
“Even in your own trusted environment, there needs to be some sort of multifactor authentication in those privileged accounts,” she said. “Having those kinds of controls in place is critical.”
Rex said ransom events have decreased, but there still is a lot of phishing taking place. And some industries are being impacted more than others.
“We are seeing quite a bit in the public sector space and health care,” she said. “It seems like education unfortunately is getting hit very hard.”
Rex said she often hears clients say they don’t fear becoming a target because their businesses are small and located in Ohio.
“[Cybercriminals] are scanning the Internet looking for vulnerabilities. So it doesn’t necessarily matter where you are located,” she said. “Is there an opportunity to exploit your network and then monetize that in some way.”
Damages Increase Over Time
When it comes to traffic flow management, ECMSI’s Blanco says there are three major components to look at – the first line of defense being a firewall, followed by switches and access points.
These components particularly become important when determining the repercussions of network downtime.
Blanco said it is important to establish what is the longest time you could be down, as more than data is at risk. Oftentimes, he said he sees companies that are down weeks or months before stats return
“What is the longest you can be down is really the conversation you need to have internally,” he said. “You need to make sure you are testing that.”
The real key is how to recover, added Blanco.
“At the end of the day, our recommendation is standardize everything,” he said. “Reduced variables help you reduce complexity and helps you minimize the amount of issues that you’re going to have in your network.”
Although cheaper fixes may work for a while, Blanco said it is best to avoid the productivity issues altogether and invest in quality protection. Additionally, keeping up with issues may impact insurance availability.
Efficient monitoring of security risks will give the user a “bird’s-eye view” to help them quickly determine issues, said Blanco. “We’ve seen so many companies that have neglected their environment for so long,” he said.
Blanco said he has seen many newer companies with old routers, switches and other equipment with problems that have gone on for so long that it takes up to a year to fix.
“The problem is it took them a decade to get into this technical debt,” he said.
“It’s like any other debt – you can’t just get yourself right out of it. You have to stay on top of it to prevent yourself from getting into that debt.”
Establishing a five-year equipment plan is one suggestion that Blanco makes. “It’s like putting locks on the doors,” he said.
Covering Many Bases
Pax8’s DeWitty works with about 25,000 partners internationally in his Microsoft Office 365 Security work, enabling him to see best practices across the industry and help others replicate them.
“I think advanced security is something we don’t talk enough about and I think you could find a lot of use in the native tools that Microsoft has,” said DeWitty.
While certain price points may not be for everyone, he believes it’s a worthy investment.
“I believe it is cheaper to mitigate risks on the front side than it is to fix it on the back side,” he said.
DeWitty reiterated that it is not always about the size of the business – it’s about vulnerability and minimizing liability.
“I think if you follow a framework – a set of controls you can rinse and repeat across your whole environment – it’s going to make the conversation a lot easier,” he said.
“There are a lot of needed tools that even the most strategic partners that we work with aren’t fully leveraging,” he added.
A recent survey of approximately 200 CIOs with between 500 and 10,000 users in their business revealed they had IT teams with less than five people, DeWitty noted.
“Five hundred to 10,000 users being managed by five IT – they’re running around with their hair on fire,” he said.
Barriers to Security
Cynet’s Bennet said there are three main barriers for effective security: lack of skilled security personnel, excessive manual data analysis, and remote workforce – which has increased since the pandemic.
The remote workforce often uses networks outside of the companies “castle walls,” that do not have the same level of safety.
“We are the safety net,” he said. “We can run detection programs. We can run algorithms and see what’s going on, and find vulnerabilities.”
Since the average response time for cleanup of a ransomware attack is two weeks, Bennet said a lot of money is lost in opportunity cost alone.