
Great irony of cybercrime: Simple carelessness often to blame

BBB Cybersecurity event

Weeks or months can pass before people find out that their personal information has been hijacked by data thieves.

Some companies and organizations that have a duty to protect customers’ sensitive information aren’t likely to rush out and publicize their carelessness until they have no other choice. The custodians of the data might not even realize that sensitive business files have been infiltrated. By the time customers are warned, they already are victims. Their personal information is being stored, sold or possibly used.

The growing, shifting and difficult-to-detect nature of online threats to businesses was the focus of an interesting cybersecurity program hosted Oct. 28 by the Better Business Bureau Inc. in Sioux Falls.

Experts in law enforcement, academia and the telecommunications industry who spoke underscored one of the great ironies in cybersecurity: Despite advances in technology, careless employees often are to blame for clearing thieves’ way to data.

“Ninety-five percent of data breaches involve human error,” said Mark Shlanta, CEO of SDN Communications and one of four speakers at the BBB Cyber Security Program at the Avera Prairie Center. “Somebody left the door unlocked.”

An employee might have unlocked a door to data by opening an infected email, for example, or by trying to be nice and giving out a seemingly harmless but valuable nugget of information in a phone conversation. Workers might have failed to activate an overdue computer upgrade or plugged in a tainted flash drive.

In addition to adequately training employees to be on guard, businesses should invest in the software, hardware and people to secure their networks, Shlanta said.

Derrick Day, a special agent with the U.S. Secret Service in Sioux Falls, said most cybercriminals are interested in cashable forms of data. If access to electronic files is locked at one company, criminals will move on to the next target, he said.

“Educate your people. Educating yourself goes a long way toward preventing this stuff,” Day said.

He noted that 45 percent of threats to data can be traced to credentialing issues, according to a study by the U.S. Secret Service and Verizon Business. Twenty-five percent came from phishing communications, and 25 percent from RAM scraper malware. Spyware and keylogger technology only accounted for 5 percent.

In most instances, following basic security practices, such as restricting and monitoring who has access to data, will be enough to keep electronic information safe, Day said.

Det. Pat Marino of the Sioux Falls Police Department, who investigates fraud, said most people don’t realize they’re the victim of an electronic breach until a bank or credit card company alerts them to suspicious activity.

The Police Department participates in a federal program to protect children from abuse on the Internet, but it doesn’t have a local division specifically devoted to fighting cybercrime. The guess here is that the need for such a division will come.

The fourth speaker at the event was Dr. Kyle Cronin, an assistant professor of cybersecurity at Dakota State University in Madison. Providing cybersecurity is everyone’s job; the issue comes down to education, he said.

More young people should be encouraged to pursue careers in cybersecurity because the number of people needed in the industry is growing, Cronin said.

Fighting cyber attacks is reactive in nature because people in the industry don’t know how or from where the next attack will come, Cronin said. Steps such as keeping antivirus protection updated will eliminate most threats, he said.

For cases to be prosecuted, victims must be able to prove a loss. Attacks come from all over the world, Day said. But some countries don’t outlaw cybercrime, and some don’t cooperate with international investigations, he said.

Global realities like that increase the need for employees closest to the data to be careful and use common sense.

About 70 people attended the BBB’s third annual cybersecurity presentation. SDN Communications, KELOLAND-TV and Avera McKennan Hospital and University Health Center sponsored the event.

SDN is a major provider of broadband connectivity and cybersecurity solutions for businesses and institutions in the Sioux Falls region.