The second annual State of Wisconsin Cyber Security Summit was held at Marquette University on October 8, 2014 (see photo on right). The Summit brought together national and international cyber security experts to discuss how the threat of cyber attacks can be reduced. According to Maj. Gen. Don Dunbar, adjutant general of the Wisconsin National Guard and the senior state official for cyber-security issues:
“The impact of a modern emergency will have physical effects, cyber effects, or both. A cyber attack could be just as deadly and costly as a severe storm or major tornado. Cyber criminals could severely degrade basic services that we rely on such as power, water and communication systems,” said Maj. Gen. Dunbar. “That’s why Governor Walker ordered the expansion of the State of Wisconsin Emergency Response Plan to include an annex focusing on the state’s response to cyber attacks and has authorized the adoption of the cyber hygiene campaign.”
Steps of Cyber Hygiene
- Count: know what is connected to and running on your network.
- Configure: implement key security settings to help protect your system
- Control: limit and manage administrative privileges and security protocols; limit and manage those who have admin privileges to change, bypass or override your security settings
- Patch: regularly update all apps, software, and operating systems
- Repeat: regularize the top priorities to form a solid foundation of cyber-security
Other key notes from the conference:
- In order to stop cyber crime we need to change behaviors. You can’t build a firewall for stupidity. Passwords are too easy to crack into. The weakest link in cyber security are individuals i.e clicking on links or attachments in emails; writing down passwords.
- The problem with mobile devices is that the majority have no encryption, no password, and no time outs. 637,000 laptops are stolen every year at 106 US airports. The majority are never claimed.
- Beware of wireless networks. For example, 90% of the wireless access points at Chicago O’Hare airport are rogue.
Business need to be aware that if they have sensitive data on a network they are a target regardless of the size of your operation. It takes criminals minutes and seconds to access your system and may take weeks and months for you to detect the intrusion. The Chinese are the biggest threat. In the old days a compromised machine can be taken off line. Now taking it off line moves the virus further into the system and requires forensics to locate and contain.
