Cybersecurity is a key concern for financial institutions, health care organizations, retailers and other businesses around the world. Last year, more than 100,000 security incidents, including 3,141 confirmed data breaches, were reported last year, according to Verizon’s “2016 Data Breach Investigations Report.”
Daniel A. Medina, director, Berkeley Research Group Inc., moderated the ForUM panel discussion on “Cybersecurity,” which included two Miami-based special agents with the FBI, Carlos Goris, and Lauren Szwech.
“Cybersecurity is the FBI’s third priority, along with criminal cases and national security investigations,” said Szwech. “If a data breach occurs, we want to track the criminals and help mitigate the consequences.”
Goris noted that the FBI has seen enormous growth of the “dark web,” where hackers sell their illegal digital goods to criminals around the world. “They might send an email with malware that will lock up a database and ask for a ransom to release that information,” he said.
On a national security level, hackers want military and business secrets, added Szwech. “Some countries hire full-time hackers whose only goal is to penetrate our country’s networks,” she said. “Companies need to have the security tools and procedures in place to protect their information. If trade secrets are stolen, the entire business could go down the drain.”
Cautioning that one in four companies will face a data breach in the next few years, Taryn Powell Aguas, president, cyber risk services, Deloitte Advisory, said a breach can result in both direct and intangible costs. She noted that cyber insurance typically covers only the direct costs, such as credit monitoring, notifying individuals and regulatory judgments.
“But there can be very serious costs below the surface, such as the impact on your brand and the disruption to your operations,” Aguas said. “So, you have to be vigilant in monitoring threats, respond quickly and mitigate the impact as quickly as possible.”
Art Ehuan, managing director, cybersecurity, Alvarez & Marsal Taxand LLC, said criminal groups are relentless in seeking out vulnerabilities in a business network. “Recently, we worked with a chief technical officer (CTO) who designed his own system and believed it was secure,” he said. “The CTO was very surprised when we showed him the malware the hackers had already installed on his network.”
However, Ehuan said technology tools can only go so far in protecting information. Limiting access, insisting on strong passwords and educating employees are other vital aspects of a cybersecurity program.