Chamber Board Chairman Dan Wagner (far left) and Bob Knott, SWC Technology Partners CEO and Moderator (far right) and speakers left to right: Vince Voci, US Chamber of Commerce, National Security and Emergency Preparedness; Larry Wojcik, Ace Hardware; Bennett Cikoch Ace Hardware; Bob Kuminara, Millennium Trust; and Brad Adams, Graycor
The Chamber’s first Cybersecurity Forum, presented by the Banking and Financial Services Committee on May 16 at the Le Meridien, was intriguing, enlightening, and disturbing. Here are just a few of the things our business audience learned at the forum and that are highlighted in SWC Technology Partners’ article, PHISHING for an Unwitting Accomplice:
- – Cybersecurity incidents have risen 38% among all businesses since 2014; 64% for mid-size companies
- – The vast majority of cyber attacks are via “phishing’ emails, in which attackers send emails that look like regular business or social emails to employees to “hook” someone into responding
- – These phishing attacks may be mass emails appealing to a wide audience, disguised as a communication from a reputable source like PayPal, Facebook or UPS; one employee click is all an attacker needs to access a user’s login credentials
- – Advanced phishing involves sending emails to employees who have access to sensitive information or systems, using lookalike domains that appear to be legitimate; these attacks can result in very serious financial loss for companies, including wire transfer fraud
- – 97% of employees can’t spot these phishing emails
- – 63% of employees have compromised or forgotten a password and exposed their companies to attacks
- – Mid-size U.S. companies have reported an estimated average annual financial loss of $1.8 million per company, but the loss is much higher, as up to 70% of attacks go undetected
- – Smaller companies are usually unable to register such incidents as a threat until it is too late to reduce the risk
- – 60% of small businesses close within six months of a cyberattack
What can a company do?
SWC Technology Partners recommends establishing a systematic, holistic approach that leverages not only technology, but behavioral training for employees. To help companies set up preventive cybersecurity systems, SWC “pressure tests” a company to establish a baseline for how it responds to simulated attacks. They then identify the highest risk areas to learn what type of information would have been compromised in an attack. Next, SWC sets up a user awareness training program for employees on how to reduce risk in these areas.
Here are additional cybersecurity guidance links from the U.S. Chamber of Commerce:
The U.S. Chamber and Illinois Chamber of Commerce will host a statewide Cybersecurity Conference in Schaumberg on June 28, 2016. For information, please click here.