Tech400 5th Annual Cyber Security Symposium

February 28, 2018 10:33 am
Posted by

What is Tech400?

Tech400 of the Greater North Fulton Chamber of Commerce provides a platform for connectivity to the business technology community. Through Tech400, businesses can gain knowledge and awareness, leverage being educated on current issues, and engage in networking opportunities that allow for a business to grow and sustain.

If you are looking for an organization to help educate and guide you through the landscape of current and incipient technology that includes, but is not limited to: security and how it impacts both our personal and business lives; connectivity and how it is evolving at an astounding pace to ensure we stay linked from all corners of the globe; and artificial intelligence and the emergence that is guiding all aspects of smarter business from big data analysis to self-driving cars.

These platforms, connections and experiences are provided through round table discussions, monthly meetings, and networking events with subject matter experts to share and collaborate on how technology both impacts and improves the business landscape.

5th Annual Cyber Security Symposium

On February 23rd, 100+ technology professionals came together to hear United States Secret Service Special Agent Kevin Walsh talk about cyber security! We also had the chance to ask questions at the end of our conversation with the panel who joined Agent Walsh.

Faisal Ansari – Senior Vice President, Trustmarq Global Services
Jason Bernstein – Partner, Intellectual Property Group
Forrest Pace – Cyber & Strategic Risk Leader, AIG

Last year, over a billion records were hacked into (that we know of) and this can literally happen to anyone. The reoccurring theme throughout the presentation, was that you need to have a plan. What are you going to do if this happens to you or your business?

Walsh focuses on organized and multi-national crimes and works with the “Electronic Crimes Task Force” to help stop credit card (skimming), gas pump and ransomware frauds. There have been over 4,000 attacks daily since January 1, 2016. This is a 300% increase over 2015 and the scary thing is, this continues to grow daily with all the new technologies these hackers have at their fingertips.

Below is a picture of a skimming tool used for ATM’s. They like to keep it simple, so when they remove the device it only takes seconds. Agent Walsh recommends gently tugging at the card reader if you see anything suspicious. If it comes off easy it is being used by hackers.

Methods of Attack

Phishing. This is a common word that we have all heard before. It’s the fraudulent practice of sending emails from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers. Keep an eye out for spoof domains.

Here is an example: Accounting@IBM.com  Accounting@1BM.com

When replying to an email, it is likely that you aren’t going to realize there is a difference in these. We tend to not pay attention and move to quickly, making it easier for hackers.
Spear Phishing. This is the same as above but is direct targeted. Meaning, it appears that it is being sent from a “known” or “trusted” sender. The key word her is APPEARS. Make sure you check for spoofed domains, etc. 91% of attacks are Spear Phishing.

Whaling. This is a phishing attack but is targeted to C-level executives. Most of the time these attacks are a “legit” request made from the “boss”. I use these quotations because hackers will do a lot of research to make sure that these emails seem authentic.

Social Engineering. This is an attack that relies heavily on human interaction and often involves tricking people into braking normal security procedures. 84% of hackers attack this way. They are extremely patient and do their research.

What to do when breached?

There are multiple things you should do when you know that something is wrong but here are just a few of the most important things to do RIGHT AWAY.

1. Isolate the infected system immediately.
2. Once isolated, power off the affected devices.
3. Try your best not to “pay” them out. The government doesn’t advocate this and would like to try to help you before you give up any money.
4. Contact law enforcement immediately. Whoever you are comfortable calling; the police, FBI, etc.

Unfortunately, when you have realized you’ve been hacked its usually too late to do more of these. In that case you want to make sure you always protect your systems. Backup, backup, backup! Make sure that you secure your backups offline if possible.

What can you do to help eliminate your risk of being hacked?

1. Use long passwords – this will help extend the time for the hackers to run through all the password possibilities. Could take hundreds of years depending on how long the password is.
2. Change your passwords frequently.
3. Patch and update your systems regularly.
4. Use multiple forms of verifications for logging in.
5. Contact people you don’t know by phone, not by email.

One thing that Agent Walsh told us towards the end of his presentation dealt with BEC (Business Email Compromises). We all know that this is where credentials are stolen, or malware is installed using a spoof or similar domain. Again, to reiterate, these hackers have extreme patience. They will wait for the right time to strike. They will do their research and they know when you are most vulnerable.

Something to keep your eye out for is the word “KINDLY”. Through all of their data analytics, they have noticed over the years that most Business Email Compromises have come from emails that end with “KINDLY”. This is something that we normally don’t use to end our emails with. So always think twice before replying back or clicking that link, especially is you see this term used in the email.

Filed under: , , , . Tagged with: , , , , .

Testimonials