The numbers are staggering. It is predicted that in the next few years, cybercrime will cost the global economy trillions of dollars. When we think of cyberattacks, it is natural to consider the recent high-profile breaches that hit mega corporations – Citigroup, Sony, Epsilon, Equifax, JP Morgan, Target, Visa and Mastercard among others.
Often overlooked is the devastating impact and the frequency of cyberattacks involving small and medium-sized businesses (SMBs). In 2017 alone, cyberattack-related costs for SMBs equaled more than $2.2 million each. In fact, more than 7 of 10 cyberattacks target small business and 55,000 devices are compromised by ransom ware every month. The average remediation for a cyber attack on small business is an astounding $990,000, and 60% of small businesses are forced to close their doors after being victimized by a cyberattack.
Several Lansing area organizations saw these statistics and decided that something had to be done. Fraser Trebilcock, Lansing Community College, Providence Consulting and Truscott Rossman formed The Defeat the Breach Coalition – a multidisciplinary alliance of professionals who are experts in their chosen fields, working together to protect SMBs from every aspect of a cyberattack. The purpose of the Coalition was to encourage businesses to get out in front of cyberattacks, rather than waiting until after an attack has occurred.
“How do we flip that script from being reactive to proactive, and what is it that businesses actually need help with,” said Theresa Kent, customer success manager for Providence Consulting. “What are the three key areas to proactively prepare for cyberattacks, what can they do to educate themselves and what can they do if one were to occur to stay in business.”
“Cyberattacks are becoming more and more sophisticated, prevalent and something people need to be prepared for and defend against,” said Sara Wurfel, vice president for public affairs at Truscott Rossman. “One wrong click or data breach can shatter customer confidence and cause irreparable harm to a company’s reputation. That’s why cybersecurity preparation and a fast, comprehensive response are so imperative.”
The group has developed a website, defeatthebreach.org, which offers a free risk assessment to help people get started. Training offered in the program will provide a full scope of every aspect that would affect a business for cyberattack.
“It helps them prepare for how they put in protective measures for IT, strengthen and prepare their staff,” said Kent. “It allows them to know how to protect their reputation and control the information the media or their competitors get ahold of. It also helps them understand legally what they need to know.”
“This Coalition has great potential to educate and provide more specific services when needed and is appropriate,” said Fraser Trebilcock shareholder Jonathan Raven, Esq. “Fraser Trebilcock is proud to stand with our colleagues to help bridge this gap in information available to businesses in the areas of data breach prevention and cybersecurity.”
When it comes to cyberattacks, experts say it is not a problem that is solved by the IT guys. Rather, it comes with leaders understanding the threats and risks and developing effective strategies. Defeat the Breach encourages business to be prepared for cyberattacks, strengthen your organization’s resilience and be prepared to respond appropriately if you are victimized by cybercrime.
If you Fail to Prepare, you Prepare to Fail
Even if you believe that your cybersecurity countermeasures are flawless, you must always prepare for the worst. Underestimating cybercriminals’ ability to adapt and innovate is the fastest way to make yourself a victim.
“It was unheard of for companies to go under from a cyberattack, even five years ago,” said Kent. “If they are prepared for the worst, then the worst isn’t going to happen.”
The Defeat the Breach Coalition provides current, in-depth training and consulting to ensure that those under our care are prepared when a cyberattack strikes. One of the fastest rising cybercrimes is ransomware, which is when someone hacks in, phishes, illegally holds your data and holds you ransom for the return of that data.
“Today, data is more valuable than gold and hackers know this,” said Kent. “If you pay them, sometimes the hackers demand more money. It can escalate very quickly and become very costly.”
Kent says organizations need to make sure that they have all protective measures in place. Organizations also need to ensure they have the gates surrounding their data. Staff training is also essential.
“With ransomware, a lot of it happens with a simple phish e-mail,” said Kent. “All it takes is one click and you have ransomware.”
Defeat the Breach will train employees at every level of the company to build a culture of security and vigilance.
Be Prepared Before and After an Attack
Making your technology safe from cyberattacks is no simple feat and keeping it that way is even more difficult. Your IT security provider may have given you the tools needed to protect yourself, but are they implemented correctly? Are they being maintained properly? Do they represent systems that ensure your company evolves ahead of new threats?
Fraser Trebilcock Shareholder Thad Morgan emphasizes it is important to view cybersecurity issues from a pre-breach and post-breach perspective.
“Seeking legal counsel before an issue arises will help the business understand the legal implications of a data breach,” said Morgan, who heads Fraser Trebilcock’s litigation department and has lectured on the issue. “Setting up that relationship in advance prepares the business and helps ensure that the attorney knows the client’s business and is more ready to move quickly to respond to events.”
Fraser Trebilcock Shareholder Jared Roberts noted that a common business mistake is a failure to consider and manage internal vulnerabilities to attack, theft or sabotage from disgruntled insiders, insiders seeking to take information to a competitor, or insiders seeking to compete on their own in the future.
“Damage and theft from within have been statistically more common than breaches from the outside, and businesses should not lose sight of those risks,” said Roberts, who works in litigation and is the acting head of the firm’s intellectual property department.
Your First Response is Most Important
You can do everything in your power to prevent a data breach, but the possibility always exists that one will succeed in damaging your systems or stealing your critical data. In this case, your response will mean the difference between forging ahead and going out of business.
“Cyberattacks bring the kind of publicity you don’t want,” said Wurfel. “Some simple steps on the front end can make all the difference in protecting your customers, company and future.”
Ideally, being proactive will prevent an attack from happening in the first place. The Coalition will make a major push in this area, including risk assessments, staff training, etc. If an attack does occur, the focus shifts to several tools that will help ensure an immediate and robust response to a critical situation. When it comes to the overall public relations, strong follow-up is essential.
“Making sure you’re owning it, apologizing for it and fixing it is key to minimizing impact and remediating and recovering from any cybersecurity incident,” said Wurfel. “Your customers, stakeholders and any regulatory officials must know and see that you have taken it seriously, moved quickly and are doing everything possible to prevent a “next time.”
LCC Recognized for Cyber Defense Leadership
Lansing Community College, another Coalition partner, has been recognized as a National Center of Academic Excellence (CAE) in Cyber Defense Education by the National Security Agency and the Department of Homeland Security. LCC had to meet certain criteria and provide a series of services including program guidance and oversight, general cyber defense information and the development of collaboration and outreach opportunities among students, faculty, and other institutions, most notably the Defeat the Breach Coalition. LCC’s Center for Cybersecurity will contribute significantly to the advancement of state-of-the-art cyber defense knowledge and practices.
“The CAE designation is a critical step for Lansing Community College and its vision of becoming the region’s source for cyber defense training and education,” said Eduardo “Ed” Suniga, director of computer information technologies and program innovation technical careers division, Lansing Community College. “Through this effort, we are filling a crucial need in our community by creating cyber-defense and cyber hygiene minded professionals and citizens.”
To qualify for the CAE designations, LCC’s programs are closely aligned with specific cybersecurity-related knowledge units, as validated by experts in the field. In addition to the academic benefits available to CAE school students, students attending CAE schools are eligible to apply for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and can apply for the Federal Cyber Service Scholarship for Service Program.
Be Proactive in Fighting Cybercrime
Unfortunately, many businesses have fallen or will fall prey to the cyber villains. However, making informed decisions and using a multi-faceted approach can eliminate or minimize the stress and expense involved. Plus, it becomes easier to contain the damage caused by the cyber-attack. The Defeat the Breach Coalition represents an important local effort to win the battle against cybercrime.
“Everyone is extremely vulnerable,” said Kent. “Joining this Coalition says we are going to own our data, protect it and secure it here in Lansing. We’re protecting the people who do business with us. We’re doing our part to keep people safe.”