Technology is supposed to help owners of businesses of all sizes be more productive, and in turn, be more profitable. The trouble some Northwoods business owners are facing, they found out on Aug. 22 at Nicolet College, is this same technology is increasingly being used by hackers to attack and steal from them.
At a presentation last week entitled “Cyber Security Tactics for Northwoods Businesses” at Nicolet College’s Fieldside Center presented by Grow North, Rimon Moses, CEO of RMM Solutions, told these business leaders that business is booming for the hackers, with hackers spending 10-times what their targets in the U.S. spend annually on cyber security.
Moses, was joined by Jackie Edwards, director of marketing for RMM Solutions.
‘We are always under attack’
Edwards started the presentation by showing a computer display RMM Solutions generates which tracks cyber threats world wide, including their origin point and their targets.
“This is what’s called a threat map,” Edwards said. “And basically, what this is doing is showing us all the different threats that are coming into the United States right now. And the really scary part about this is it’s about a third of what is really happening out there.”
She said over the course of the day, the pace of the cyber attacks increases, but even at its lowest point, the map shows “we are always under attack.”
“Our personal belief is a layered security approach to things because I don’t think that there is one solution or one thing you can do, or two,” Moses said. “You need to continue to layer as the threats continue to change.”
He said the number one question his company gets from customers is how does the company invest in technology and pay for it.
“That’s a big deal because technology is expensive, so we have ways to help people do that,” he said.
Using his cell phone, which Moses said he rents, as an example, he said technology is increasingly moving in the direction of renting services such as his company offers. He said the most important technology expense for a business is its cyber security.
“How many of you are comfortable with the security that you have? That’s a serious question,” Moses said. “Does anybody really feel comfortable with the security of your organization or your personal security and that stuff?”
He said there are five myths about cyber threats that companies need to know about:
• Hackers only go after large companies.
• Small business don’t offer anything of value to hackers.
• Most hackers aren’t dangerous; they’re just teenagers.
• Law enforcement will protect me from a cyber attack.
• Hackers are not well funded.
Moses said believing any of these myths can leave a company open to threats such as ransomware, malware or the theft of data.
Myth: Hackers only go after large companies
In dispelling the first myth, Moses said that 43% of cyber attacks target small businesses.
“That’s a lot, 43%. So if you think about the large number of enterprise businesses that are out there, they employ a lot of people,” he said. “Like G.E. (General Electric) employs hundreds of thousands of people. They (hackers) do go after those guys, and they go after them hard. But only 57% of the time are they going after those companies.”
He said companies in the Northwoods are easy targets for hackers.
Myth: Small business don’t offer anything of value to hackers
Moses said the second myth persists because small businesses don’t know how much valuable information is stored electronically.
“Small businesses and people like us have a lot of information,” Moses said. “We have personal data, social security information, we sometimes have credit card information. Everyone in all organizations is involved and has a lot of connection outside of our business or organization; if they can tap into us, they can tap into that.”
He also said hackers can use personal information to take out loans, steal identities, make wire transfers and complete other scams. He said companies have a lot of intellectual property hackers can steal and then resell on the dark web.
Moses said gaining access to a company’s computer network usually occurs by gaining an individual employee’s password. This is done by cracking the employee’s social media password, which they also use for their work password, they then can get in the company’s server and do what they want.
“If they can access those credentials they can access you, they can get into this stuff, and they have a way of getting to a lot of other stuff,” he said.
He said social media is often the way hackers can get login information, along with the names of other potential targets.
“Through Facebook, you can find out who is connected to your account,” Moses said.
Myth: Most hackers aren’t dangerous; they’re just teenagers
He said as for the third myth, hackers should be considered very dangerous to a business.
“This is a job, a very lucrative job for people, and I think the last count was there are hundreds of thousands of people that do this type of work every single day,” Moses said. “And they’re not just in Croatia and they’re not in Russia, they’re in the U.S. So they’re all over and they spend their whole time, as opposed to our guys fixing things, they try to build code and write code that compromises and accesses all of our data. That’s what they do for a living, and they’re not very nice people. It’s a big money business; they spend a lot of money and they make a lot of money.”
Myth: Law enforcement will protect me from a cyber attack
He said the fourth myth is easy to dispel by the sheer number of attacks hackers launch every day.
“Unfortunately, law enforcement is not in the business of protecting us from cyber attacks,” Moses said. “After the fact, after you’ve been compromised, they’ll come in and try to help you. Sometimes they’ll call in the F.B.I. and do some things, but they’re just not in on the front end of it.”
He said the government has a lot of resources, and a few months ago Rep. Sean Duffy brought some of their experts in to talk to some of the government’s cyber professionals.
“I asked them what they are going to do about cyber security, because it is a big deal,” Moses said. “They have a lot of resources, they can’t talk about a lot of them, but they are also at a loss at how to contain it because you can’t stop the Internet.”
He said it would be impossible to, say, stop all email from Russia or China from entering the United States.
Moses said the government is having a hard time figuring out a strategy for combating the hackers, “so they’re putting it all on us (security firms).”
“We have to figure out a way to do it,” he said. “Law enforcement, as much as they want to help, they don’t have the resources to be proactive here,” he said.
Myth: Hackers are not well funded
Moses said statistics dispel the last myth that hackers are not well funded.
“I can tell you for a fact that hackers spend 10 times more than businesses in the U.S. spend,” Moses said. “The last count I saw was that in the U.S. we spend about $100 million with protecting ourselves in cyber security protection, hackers globally spend about a trillion dollars creating pathogens and hacking people.”
He said there are a lot of staggering statistics regarding hackers, but he urged the business leaders in attendance to taking cyber security seriously.
‘This is a really big deal’
Moses said the best ways to combat the threat hackers pose is by layering their security, setting up their emails to flag those from external sites, aggressively teach and test their employees on how to avoid falling for phishing attempts of other email forms of attack.
He also said cyber security should be a priority from the CEO down to the lowest level worker who has access to a company’s computer network.
The four major forms of cyber attacks are phishing, ransomware, spyware and web-borne malware. He urged the companies to back up their network on a frequent basis to an off-site location,
“This is a really big deal,” Moses said. “And if you’re not doing this on a regular basis, you’re putting yourself at risk and compromising yourself. Hackers are not looking for the hardest way to get in, they’re looking for the easiest way to get in.”
Jamie Taylor may be reached via email at [email protected]