I attended the recent 2013 State of WI Homeland Security Cyber Conference. The overall message from the day: it is not IF you will suffer a breach but WHEN you will suffer a breach. I'm to passing along a few notes:
- Back in 2012 the State of South Carolina suffered a breach that exposed 3.8 million taxpayers, 1.9 million dependents, 700,000 businesses and 3.3 million bank accounts. The Breach occurred because an employee inadvertently opened a pfishing email. This error cost the state over $20 million—all because of an email. The State didn’t realize that they had been attacked until notified by law enforcement.
- Lockhead Martin had discovered an attack of their network that came in the form of emails sent to employees that had attended a conference by sending emails that appeared to send follow up slides and information to the conference attendees.
The FBI reported that the landscape for cyber crimes is changing to state sponsored attacks, i.e. countries trying to steal US companies R&D trade secrets from the private sector. Attacks are advanced and aggressive.
- As individuals we should be aware that our greatest vulnerability is using credit/debit cards at places such as gas pumps, bus rides, remote vendors, etc. Companies that accept credit cards and are PCI compliant need to realize that this compliance is a baseline minimum.
- The biggest threat to networks are the employees: "Think before you click" / "Beware before you share" should be the mantra. Businesses need to promote a culture of security awareness.
- Private companies are urged to join InfraGuard which is a way to communicate with the FBI regarding threats and for the FBI to communicate back to businesses. www.infragard.org
No matter what precautions a company takes, you will never get ahead of a hacker.
The speakers included representatives from Utility Companies, Banking, Security Consulting, FBI, SC Dept of Revenue, and The State of Wisconsin National Guard/Homeland Security.
See the conversation on Twitter by searching #WICyber.
