It’s no longer if – It’s when
As cyberattacks escalate, local businesses work to be prepared
Posted at 12:01 AM Updated at 7:34 AM
Every day, Gene Wedemeyer goes to work at Adirondack Bank, and along with a team of network security professionals all tasked with varying duties, monitors the internal and external computer systems for employees and bank clients to guard against cyberthreats.
With cyberthreats becoming an increasing news headline, Wedemeyer, the IT security analyst in the risk management department of the Utica-based bank, said that sometimes maintaining an internal IT department can feel like running a business unto itself.
Adirondack Bank’s defense includes training (lots of it), implementation of employee computer policies and rules. All of this architecture can come with a weighty price tag, too.
This isn’t your grandma’s IT plan anymore, and all of this takes a lot of planning and investment, not just for banks, but other business sectors as well.
“According to statistics from the Department of Health and Human Services, over the past four years, the industry has seen breaches from theft, loss, improper disposal and unauthorized access decrease,” said Mary McGuirl, Director of Information Systems at Oneida Healthcare. “However, breaches due to hacking incidents are on the rise. For this reason, hospitals must maintain aggressive cybersecurity programs that quickly identify and mitigate emerging vulnerabilities.”
Others professionals agree.
“Brick and mortar businesses and how data is stored ... has really changed,” said Tim Duffy, vice president of Teracai in Syracuse, a technology solution provider business. “How do you make sure you’re protecting data? According to a report by Kaspersky, ransomware attacks on businesses increased from once every two minutes to once every 40 seconds in the first nine months of 2016.”
Even last week, U.S. Sen. Charles Schumer D-N.Y., called for more federal investments to beef up the state electric grids and protect power plants from future cyberattacks.
Duffy reports steady work as cybersecurity concerns are on the rise.
For folks at Teracai — who are tasked with coming up with solutions for businesses, hospitals and even government agencies — the solution isn’t just about uploading anti-virus software from a disk anymore. Hackers have sophisticated technology, which necessitates architectured defense in businesses that not only use desktop computers, but mobile and roaming laptops to get work done.
“There’s multiple fronts from which you have to protect,” he said. “It’s no longer hackers in a basement. They are looking to hold information for ransom or sell it (on the black market). ... It’s no longer if — it’s when.”
Duffy said some types of information can fetch higher prices, and he said if a threat is detected, the quicker you quarantine the problem, the better.
Some cyberattacks around the world have targeted hospitals and health systems, which raises the stakes even higher when patient health is at risk.
“As we get better at warding off attacks through one vector, criminals devise more insidious ways to attack through another,” said McGuirl in a statement. “Oneida Healthcare devotes considerable resources to its cybersecurity program. This involves routine assessment of environmental states, prioritization of remediation strategies, and implementation of controls.
“Equally important is the nurturing of a culture where the entire staff is aware of their responsibilities to maintain good cyberhygiene, such as proper identification of suspicious email, fake websites and the like,” she added. “We feel that a well-educated staff who cares about protecting patient data is the best defense against hacking attempts.”
McGuirl said Oneida Healthcare also takes advantage of support offered by state, federal and health care agencies when dealing with expected threats.
“For example, we were first notified of the WannaCry threat by the (New York state) troopers Cyber Analysis Unit,” she said. “The enormity of it caused numerous agencies to engage in a coordinated effort to prepare hospitals to identify and mitigate the risk. We participated in that effort.”
While the recent global hacking threat didn’t directly impact her hospital, it did serve “to further motivate the IT team, department managers and staff to double down on our efforts to hold the line against cyber criminals attempting to harm our institution and our patients.”
Again, an example of vigilance and planning.
And for people such as Duffy, that is how things need to stay.
“You have to be agile enough for business to grow, but don’t let that agility give you a false sense of security,” Duffy said.