Is the Cyber Threat Real? Small-to-Medium Businesses Impacted by Cyber Threats, Overview of May 9 Presentation

May 9, 2019
3:00 p.m.

 

Is the Cyber Threat Real?

Dennis Ast, CPCU, CCIC, Senior Account Executive at OneGroup, presented compelling statistics regarding Cyber Security and the impact on small-to-medium-businesses – where 58% of cyber breaches occur. He noted, "According to the US National Cyber Security Alliance, 60% of small businesses fail within six months after suffering from a cyber-attack."

Chillingly, organized crime accounted for 62% of breaches – which can attack anything connected to the internet - per the Verizon 2018 Data Breach Report. Cyber Risk Trends, reported Ast, include Phishing/Spear Phishing, Pretexting and Wire Fraud Transfer, Ransomware and Malware, Crypto Jacking (noting a recent $40M dollar bit coin theft), He noted, however, that email is the most common vector at 96% occurrence. Negative Search Engine Optimization, among others.

The FDA has responded to Cybersecurity in medical devices by proposing recommendations for protections as well as requisites for submission and now provides guidance documents for device manufacturers and health care delivery organizations, to include:

  • Draft Guidance: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
  • Final Guidance: Postmarket Management of Cybersecurity in Medical Devices
  • Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software
  • See: https://www.fda.gov/medical-devices/digital-health/cybersecurity

Ast recommends practicing "Good Cyber Hygiene," such that you/your business:

  • Routinely update software when patch versions are provided
  • Secure mobile devices with a lengthy passwords, using a phrase to include upper and lower case lettering, numbers and characters
  • Use multifactor authentication
  • Access free or better, purchase anti-malware software

Ast strongly recommends businesses conduct employee training, perform a risk assessment, provide and routinely test a back-up system, perform due diligence with vendor management and establish a Cyber Response Plan. The Cyber Response Plan promotes a company’s ability to have resources in place and the ability to respond quickly. Ast also noted that Cyber Security insurance costs are much more reasonable and the use of a data breach coach can curtail damage from an attack. Ast provides the following additional resources:

A copy of Dennis’ slides are available upon request to: cnybac@upstate.edu.

View All Events »