INDIANAPOLIS — Cyber threats are top of mind for everyone, from consumers to business owners to the President of the United States. In fact, President Joe Biden recently signed an executive order making cybersecurity a top priority.
“It has reached again a real national conversation,” said Gary Brickhouse, chief information security officer at GuidePoint Security.
Brickhouse said there are two major groups causing cyber issues.
“One group is financially motivated, that’s really all they care about,” Brickhouse said. “They want money. The other group isn’t after money. They are just after disrupting.”
Scott Shackelford, chair of IU’s Cybersecurity Risk Management Program, said it is nearly impossible to fully prevent cyber threats from attacking businesses and the government.
“There is a legitimate concern and confusion about where do you put that next dollar of investment,” Shackelford explained. “Do you put it into end-to-end encryption to make sure that when information is compromised, it cant be read? Do you put in multi-factor authentication? Do you put it in cyber hygiene training?”
Brickhouse said even if a business has its own systems protected, it needs to think about the vendors it works with.
“So, attackers, instead of trying to sort of come through my front door, they’ll come through the supply chain, you know that third party company,” Brickhouse said. “Then they’re able to access and attack my company through that relationship.”
Then, there’s the threat of Ransomware. This is a form of malware that encrypts devices’ files, leading to systems becoming unusable.
Bad actors then demand ransom in exchange for information. Brickhouse said cyber liability insurance can help a company recover.
“So you’re not left with a $5 or a $10 million bounty payment that you have to pay to an attacker,” Brickhouse said.
Phishing continues to threaten Hoosiers by tricking people into clicking a link which then gives bad actors their personal information. The Federal Trade Commission explains phishing in detail on consumer.ftc.gov.