New strategies to protect yourself from data breaches. That was the topic up for discussion at a cyber security symposium hosted Friday at William Paterson University.
“What’s interesting about the cyber data breaches that we investigate is in each different industry has a different way of being breached,” said Steve Lutinski, director of cyber security services at Verizon.
Lutinski stressed the importance of understanding who is behind cyber attacks. In education, he says the cyber attackers usually come from the outside.
“A lot of the attacks that we see today are really in response to someone getting an email, a phishing email. And they go out to some bad malicious website and from there, the malware gets downloaded onto that machine,” he said.
But because health care data is more valuable than other data, he says the majority of breaches at health care institutions are done by employees.
“This is a people issue more than it is a technology issue, so it’s really just making sure you’re being very aware of what you’re doing with your data,” said Lutinski.
David Rossi, a cyber security architect for IBM, says we need to stop thinking we’re smarter than the hacker community. Instead, he says we should try to make it economical for them to work with us, not against us. He gave the example of President Trump signing a bill last month that will make a $380 million grant available to states for election security.
“If I was going to use the money, I would use the money for third party or bounties to help understand what the vulnerabilities on the systems are,” said Rossi.
But what about your personal data?
In September of last year, one of the country’s three major credit reporting agencies announced it was the victim of a data breach. Equifax confirmed hackers took people’s social security numbers, names, addresses, and dates of birth. Roughly 148 million Americans were affected. And, since then, companies like Saks and Panera have also been the victims of cyber attacks.
“A lot of breaches happen because of known vulnerabilities. So it’s very important for corporations to have proper ways for getting Intel about different vulnerabilities and actually reacting quickly by putting patches on their systems,” said Rossi.
2017 hit a record high of data breaches with a little more than 1,500.
“If a breach does happen, you have to have an incident response plan because you have to know how you’ll react to it,” said Rossi.
Lutinski says with more and more information online, it makes it difficult to protect yourself, and that’s why you have to be extra careful.
“Don’t be so open with your data, don’t put everything online that you think you need to. As far as interacting with any organization, the two factor authentication is one of the larger things I would recommend,” said Lutinski.
That could be as simple, he says, as asking to get a text or phone call to your phone with a pass code as an extra layer of protection.