Timothy Ryan, Director of Cyber Security & Investigations, Kroll
James Mattola, Director of Financial Investigations/Litigation Support for Sobel & Co.
David Weinstein, NJ State Director of Cybersecurity, Office of Homeland Security
NJBIA recently asked three cybersecurity experts to assess the cyber threats facing businesses. All three will be participating May 10 in NJBIA’s Cybersecurity Summit, which will provide a forum for attendees to learn how New Jersey businesses can prevent cyberattacks and handle breaches when they occur.
NJBIA: From a practical standpoint, what are the biggest cybersecurity threats facing business today?
Timothy Ryan: “The most significant threat today to both small and large companies is the emergence of hackers who are destroying data rather than stealing it. This is a trend that has been increasing over the last four years and shows no signs of abating.”
James Mottola: “The biggest threats exist both internally and externally to an organization. The internal threat is effectively integrating technological solutions with human behavior; to assist organizations in mitigating inherent technological vulnerabilities, which manifest themselves as a direct threat to an organization, by the use of the same tools which have been developed for legitimate commercial purposes. Criminal hackers, who are the biggest cyber security threat, exploit technological gaps and user error for personal gain and in turn erode our ability to conduct lawful commercial transactions with confidence.”
David Weinstein: “Some of the biggest risks to small businesses stem from a lack of awareness of cyber threats and poor adoption of best practice. Basic ‘cyber hygiene’ such as patching vulnerable systems, implementing two-factor authentication, and cultivating a security-conscious workforce can help small businesses thwart most low-level cyber incidents.”
NJBIA: The big cyber hacks make the news, but small businesses are at risk, too. What are the biggest cybersecurity threats to small businesses?
David Weinstein: “An increasingly prevalent threat impacting small business in New Jersey and across the country is ransomware and business email compromise.”
Mottola: The biggest threats to small businesses involve the effective integration of an information security program into the business process. For any small business, defining the specific type of information to secure, and the manner in which to secure it, continues to be a challenge that must be addressed. The greatest threats come at the cost of inactivity, where the direction of interest of fraudsters is focused on businesses that make themselves vulnerable due to the lack of internal controls and employee awareness, thus leaving the continuing economic viability of their companies at risk.”
Ryan: “Small businesses face the same threats as their larger counterparts, however, they have little to no dedicated staff or resources to confront the threat. It does not matter if you are a three- person CPA firm or a 1,000-person auditing firm. Hackers know that both firms have a substantial amount of personal information that can be monetized on the black market.”
NJBIA: For many businesses, the biggest threats are the ones they don’t see coming. What are some of the threats that no one knows about?
Mottola: “One of the areas that has not gotten enough attention is the potential for targeted attacks against mobile devices. Most technologists I speak to seem to agree that this area, which has emerged in the bring-your-own-devices era (BYOD), will continue to grow as an area of compromise. Going forward, this will be one of the more dynamic threat areas, especially with the globalization of payment platforms which utilize the mobile phone for a variety of financial transactions for under-banked economies.”
Ryan: “A growing concern is where insiders cause harm to their employer, however, the attack may take the appearance of an external hacker. This trend will also increase.”
Weinstein: “Exploit kits do not get a lot of attention in the media, but they are the primary vector for hackers to distribute malware and infect outdated software applications.”
For more information about NJBIA’s Cybersecurity Summit: “Cybersecurity Practices and Solutions for a Business Like Yours,” on May 10 at the Bridgewater Marriott, or to register, go here.