On December 7, 2016, we continued our ongoing Zarwin Baum Breakfast Series with ‘Cyber Threats and Vulnerabilities: How Exposed Are You?’ Zarwin Baum shareholder Ted Schaer and Beth Fitch of Righi Fitch Law Group shared expert insights regarding financial exposures, disruptive technologies, external threats, and internal vulnerabilities facing businesses today.
The seminar began with examples of data breaches that occurred in 2016, and the cases that resulted from them. Common types of lawsuits following a cyberattack include:
- HIPAA Violations: Healthcare entities that experience breaches are often pursued for Health Insurance Portability and Accountability Act violations, for failing to protect medical records and personal health information.
- FTC Enforcement: The Federal Trade Commission takes action if it believes an organization violated consumers’ privacy rights, or misled them by failing to maintain security.
- PCI Exposure: The Payment Card Industry is hit hard when it comes to breaches, because stakes are particularly high when credit card information is at risk.
And with rapid online advancements and the Internet of Things, potential problems for organizations are always evolving. The seminar detailed the following disruptive technologies:
- Cloud Computing: With data and programs housed on the Internet rather than on a computer’s hard drive, risk is spread to different entities.
- Dark Web: A collection of websites with hidden IP addresses, known as the Dark Web, makes it difficult to detect a hacker’s identity and location.
- Bitcoin: A payment system of digital money, Bitcoin is like cash for the Internet that cannot be tracked.
While we can rarely put faces to these hackers, we must remember they are people, not robots. Three types of external threats include:
- Hacktivists: Individuals or groups motivated by ideology.
- Criminals: Individuals or groups seeking a financial return.
- Nation States: Countries using cyber teams to hack into foreign or domestic systems for intelligence collection or covert action.
In addition, there are a few organizational vulnerabilities to keep in mind:
- Technical Vulnerabilities: Exposures or weaknesses in software or devices that allow a hacker to infiltrate a system.
- Human Vulnerabilities: Elements of human nature, like trust and fear, that hackers take advantage of to provoke a response.
- 3rd Party Vendors: Fitch reminded attendees that an organization’s data security is only as strong as its vendors’. If your payroll company experiences a breach, you have too.
And while these threats and vulnerabilities can be jarring, there are steps organizations can take to protect themselves. Schaer offered best practices to close out the seminar:
- Run cyber assessments to determine exposures.
- Vet 3rd party vendors and evaluate contracts.
- Evaluate insurance coverage and sub limits of coverage.
- Establish a breach response team and ensure all parties know their roles.
The bottom line? Knowledge is power. If you are informed and aware of the various threats you face, you will be better prepared to mitigate them.