Panel warns Chamber Breakfast Series attendees about Cyber Security threats
Part of the proceeds from the breakfast series was donated to Pellissippi State Community College, said Julie Blaylock, FWKCC president/CEO.
The breakfast series used a panel of speakers, moderated by Charles Nelson, lead instructor with PSCC’s new cyber defense study program, to address “Cyber Security.” The panel was made up of Daniel Damron, special agent with Federal Bureau of Investigation’s Knoxville Cyber Squad; Bill Dean, senior manager of LBMC Information Security Services Division; Joe Littleton with EdSouth at SouthEast Bank, and Mark McKinney, engineering supervisor with First Utility District.
“I just learned some new valuable techniques that we can employ on our networks to be more proactive in protecting the health information that’s on our systems,” said Michael Green, critical applications manager with Provision Health Partners.
For Joe LaCroix, information technology manager for Town of Farragut, the panelists’ information was “more of a reiteration of what I’ve already known.
“I’ve been doing security for 20-plus years,” he said. “It was a reiteration of good practices and training.
“We have to train our in-users,” LaCroix said, referring to the Town’s internal clients, users who log into the network.
All in all, the panelists agreed businesses and individuals should:
• Back up information on an outside source, such as an external hard drive and do not have that source continuously connected to the computer. If left connected, a hacker can get into the external hard drive.
• Do not open an attachment or link in an e-mail unless you are sure of the sender. “Not clicking will stop 95 percent of the occurrences,” Damron said.
• Train employees of what to look for with e-mail links and attachments.
• Have a plan in place in case of a breach and practice the plan.
• Use multi-factor authentication, which is a method of computer access control where a user is granted access only after successfully presenting several separate pieces of evidence to identify them as the user.
• And, do penetration testing to make sure your computer systems are secure.
Damron said cyber hackers are more sophisticated than people think.
“These are not kids in a hoodie scanning the network,” Dean warned. “It’s big business. Five billion dollars was lost [in e-mail espionage].”
Damron said many criminals are hacking into computers to find information they can use to blackmail or “ransom” a business or “sell on the dark web.”
While he said the FBI does not advocate paying the “ransom” to get back information from the hackers, Dean and Littleton said people would pay because they have no other recourse and want to get back their information.
“It’s probably because people don’t back up their systems offline,” Littleton said. “It’s hard not to tell people not to pay the ransom.”
Many of these criminals are from countries, such as Russia, China, Syria and Nigeria.
These breaches even can affect nuclear plants, such as one in Iran, where a plant lost 20 percent of its centrifuges because of a hacker, Damron said.
“And, Syria hacked into a Twitter account and reported bombs going off,” he said, adding that hacking caused the stock market to take a dive. “There was $130 billion in equity that was lost.”
Littleton said his bank has to stay ahead of the breaches.
“We have to assemble a response team if there is a significant breach,” he said.
“The big problem is email compromise,” Littleton said and Damron warned about “social engineering,” where a criminal will talk a victim into something, such as sending information or money.
Many times businesses such as his find out about the breach from a third party, Dean said.
“Sixty-seven percent was the number of companies that were notified by a third person,” Damron said.
FUD uses a company to monitor its system for breaches, McKinney said.
“Last year, there was a hack [at a different utility district] that shut down grids,” he said. “We are seeing more of that. We are constantly working to make sure that doesn’t happen to us.
“People are hearing more about Internet breaches, such as the ones that affected Equifax and Target.”
“Nowadays, businesses are required to let [customers] know about data breaches and have to let [FBI] know,” Damron said. “The objective is to notify people affected before media find out about the breach.”
When the media report the breach first, he said, “It looks like [the businesses] are hiding something.”