Companies that have failed to invest heavily in cybersecurity are now paying the price as hackers increasingly go on the attack.
In particular, the healthcare sector, not known for tough IT protections, is being hit hard by organized crime groups, Justine Bone, the CEO of security firm MedSec, said during a recent Fortune online event about cybersecurity. Hospitals have an extra challenge, Bone explained, because their leaders can’t simply take their systems offline to patch them or install security tools.
HP Inc. chief information security officer Joanna Burkey pointed to ransomware as an increasingly easy way for criminals to extort businesses. In a ransomware attack, hackers encrypt corporate databases or lock them so that organizations have little choice but to pay the criminals to regain access.
About 15 years ago, hackers needed to operate complicated software programs to conduct their attacks, Burkey said. Now, however, the easier-to-use hacking tools have made it possible for criminals with more limited technical know-how to conduct attacks, she explained.
Although there are many powerful tools for companies to secure their systems, many vulnerabilities are a consequence of human error, like someone clicking a web link they should have avoided, the security experts said.
Employees must practice basic cybersecurity hygiene to prevent attacks, Bone said. This could include using two-factor authentication to access corporate websites and apps, and making copies of sensitive data and then encrypting so that it remains secure from hackers.
Bhavani Thuraisingham, the executive director of the Cybersecurity Research and Education Institute at The University of Texas at Dallas, shared some cybersecurity tips, which may be challenging for the average person to implement unless they own multiple computers.
Thuraisingham owns three laptops and three desktop computers. She uses one laptop and PC for her government consulting work, one laptop and PC for her academic work, and one laptop and PC for her personal life. This way, if she is hacked on her personal computer or laptop, those responsible will be unable to access sensitive data stored on her other computers. Thuraisingham also regularly backs up and encrypts the data on her consulting devices, but concedes she should do so on her other computers.
“It was very hard for me in the beginning,” Thuraisingham said of using so many computers. “It’s sort of become second nature.”
