ENID, Okla. — Cybercriminals are a threat to small and large businesses.
Mark Barnett, IT project manager for Oklahoma Small Business Development Center, gave that sobering assessment in a talk about cybersecurity during Enid Regional Development Alliance’s quarterly luncheon Thursday at Oakwood Country Club.
OSBDC seeks to help state businesses succeed, and part of that initiative is educating business owners and employees in areas of need.
Barnett said it is important for businesses to understand the threat everyone faces.
Small and large organizations are targets of cybersecurity attacks. Barnett said 93% of security breaches against small businesses are financially motivated.
“Small businesses can be a route to a quick payday for hackers,” he said. “The smallest security flaw can lead to a big payout for them.”
While the money is what most hackers are after, there is other valuable information cybercriminals can glean from a business to create leverage, steal money and ruin business reputations.
Besides financial information, data like client information, trade secrets and sensitive information can be sold off on the dark web, Barnett said.
Unfortunately, 60% of small businesses close within six months of a successful cyberattack, he said.
“There is a huge impact this is taking on individuals and businesses, and something we should really be paying attention to,” Barnett said. “All it takes is one small breach and your business is on the line.”
Paying the ransom demanded by cybercriminals is hefty, as the average ransom demand is up 518% since last year, he said.
As digital business practices advance, so do hackers. Hackers are not individual criminals living alone in a basement, Barnett said. They are real criminal organizations that function with the same sophistication as your own business.
“The game has changed,” Barnett said. “Not only are they organized, but they are working together to maximize the amount of value they are extracting from targets.”
The group DarkSide, which hacked the Colonial Pipeline in May, stole hundreds of gigabytes of data from the company. The group demanded a ransom of $5 million, which was paid within a day; however, the Department of Justice was able to recover a large portion of the ransom. However, recovering ransom money is a rare occurrence, Barnett said.
What does the attack look like?
From phishing to ransomware, cyberattacks can begin in your email inbox. Simply clicking on a link in your email can install files called ransomeware onto a computer.
Once the ransomware is installed on your phone or computer, it can remain undetected for weeks or months as the criminals begin collecting data.
“We see hundreds of emails a day, that’s why it’s the perfect vessel to attack us,” Barnett said. “We are so used to email. We look at an email for a few seconds before we decide to open it.”
Phishing emails, texts or calls often will appear to come from an official source or a colleague, with a heightened sense of urgency.
“New phishing websites pop up every 20 seconds,” Barnett said. “Phishing is a gateway for other attacks, like ransomeware.”
In North America, 58% of ransomware attacks start with phishing, he said.
Solutions
For protection, Barnett suggests creating unique, strong passwords or pass phrases, using password managers, anti-virus protection, virtual private networks and dark web monitoring services. Computers, tablets and phones should all be protected.
Besides these services, users can regularly update their software and use two or multi-factor authentication.
“Cybersecurity is a team effort in a business. For cybersecurity to be successful, it must become part of the culture and identity of a team,” Barnett said.
Continuing education
OSBDC offers free workshops to assist businesses with numerous topics. It will be offering a cybersecurity workshop on Nov. 4.
Servicing the entire state, OSBDC provides confidential, no-cost entrepreneurial and small business management advising in order to help Oklahomans start and grow businesses, according to their website.
OSBDC is developing a program integrating business resiliency education with cybersecurity. Cindy Ruminer, training manager for OSBDC, said they help small businesses learn and grown through their services and trainings.
“A huge part of the conversation of business resiliency is understanding that cybersecurity is now a part of that and that isn’t changing,” Ruminer said.
OSBDC will be launching a series of programs in 2022 that partner with Oklahoma-based organizations that are experts in cybersecurity.
Local growth and development
Lisa Powell, ERDA executive director, also spoke at the luncheon on economic development trends.
Problems still are occurring on the supply chain side, Powell said, while economic growth occurs on the other side. She said there is a huge influx of projects being planned nationally and locally. Developers are chasing federal funding from the American Rescue Plan Act.
Powell also said ARPA funding can be used to support the needs of the workforce. Economic developers like ERDA are evaluating ways that money can be invested to support workers.
Locally, she said ERDA has focused its efforts on talent attraction, seeking to create transformational changes in the economy and workforce in Enid.
“Talent attraction is still the No. 1 limitation we have of our economy here,” Powell said. “We have more work and productivity that we could gain out of our economy if we had more workers to help us get there.”
ERDA has allocated several resources for talent attraction to Enid, hinting at the launch of a new job board, she said.
As workers look for a job and a great place to live, ERDA will be launching a digital job board later this year to give employers and job seekers a single digital space for local jobs to be advertised.
Article by: Kat Jeanne, Enid News & Eagle 10.22.21
Photo by: Alexander Ewald