Aug 19, 2016 - 9:00am

Businesses Beware: Cyberattacks Aren’t a Question of ‘If’ But ‘When’


Ann Beauchesne, the U.S. Chamber’s senior vice president for national security and emergency preparedness speaks at a cybersecurity summit in Chicago.

With cyberattacks becoming a regular occurrence—from retail chains to movie studios to political parties—businesses need to know the best ways to protect themselves.

In July, the U.S. Chamber hosted a cybersecurity event in Schaumburg, IL. Ann Beauchesne, the U.S. Chamber’s senior vice president for national security and emergency preparedness highlighted some of the material delivered by experts:

According to Ari Schwartz, managing director for cybersecurity services at Venable, LLP, the number of cyber incidents from 2014 to 2016 increased and the average cost per data breach incident rose from $3.5 million to $4.0 million.

Robert Silvers, assistant secretary for cyber policy at the Department of Homeland Security says that although cybersecurity threats are pervasive, there are steps that businesses can take to protect themselves.

One tool that offers an important first line of defense is timely, actionable cyber threat data that can empower decision-makers to reduce risks, deter attackers, and enhance resilience. This is critical because nearly 99.9% of reported cyber incidents in 2014 exploited known vulnerabilities.

Department of Homeland Security manages an automated information-sharing initiative that enables bidirectional sharing of cyber threat data in near real time, enhancing the ability of organizations to block cyber adversaries before intrusions occur.

Owing to landmark federal cybersecurity legislation passed last year, businesses now have legal protections when voluntarily sharing threat data with industry peers and government.

Unfortunately, there isn't a silver bullet to create a more secure and resilient network. Businesses must approach cybersecurity from the standpoint that it is not a question of if a cyber incident will occur, but when.

What can business do to protect themselves and minimize any damage? At America’s Small Business Summit in June, Deputy Secretary of Homeland Security Alejandro Mayorkas offered these tips:

  • Passwords. Require your employees to change them frequently, every 45–60 days. Make them complicated, meaning 8–15 characters long, using a mix of upper and lower case letters, symbols, and numbers.
  • Cyber Hygiene. It sounds vague, because there isn’t a precise definition for “what’s good cyber hygiene.” A couple of tips. Don’t allow personal phones to be connected to networked computers. Don’t allow your employees to use USB drives. Limit the number of administrators who have full access to everything. Install patches and software updates when they are available.
  • Test Systems and Train Employees. Resource and budget conscious organizations won’t be able to afford third-party auditors to perform penetration testing, but you can exercise your response plans. As an example, send an anonymous email with an attachment to your employees and see if they open it. If they do, do they report it to IT? Phishing and spear phishing emails remain the easiest way for the bad guys to get into your network.

Just like you wouldn’t leave the front door of your business unlocked, businesses should take commonsense precautions to protect themselves. These efforts combined with cooperation from government agencies guarding against cyberattacks will better protect us in an ever-connected, digital economy.

About the Author

About the Author