Compromised business email accounts are among the top online threats to Wisconsin companies in 2018, according to Byron Franz, a cybersecurity special agent for the FBI.
He spoke yesterday at the Wisconsin Tech Summit, held at the GE Healthcare Institute in Waukesha by the Wisconsin Technology Council.
Email accounts can be hacked through technological means, but also by targeting the most vulnerable part of any company’s security system: its people.
Spear-phishing is a method for precisely targeting decision-making individuals in the company. It’s often done by sending misleading emails, using data mined from the internet to customize the message in hopes of getting the target to click a nefarious link.
Doing so can open up that business account to outside control, often without the knowledge of the targeted user or the employer. Cases like these underline the importance of getting system-wide scans, Franz says, to ensure the integrity of the company’s security.
“The fact is, we are being attacked at home,” he said. “In the year 2018, your digital life is your life, and the failure to protect yourself can result in obviously huge tragedies.”
He says the approximate direct financial cost of these types of breaches to the United States has been estimated at around $109 billion. But that doesn’t get at the value of ideas and secrets that are stolen alongside more concrete assets.
Taking the value of this information into account, Franz says that number could be as high as $400 billion.
“In the Wisconsin context, we have at least charged federally four cases where proven or alleged theft of intellectual property took place,” he said. “The most recent one being in Madison involved GE Healthcare… a man admitted to downloading something like 1.6 million files on something called MRI source code… this is important stuff to GE Healthcare’s bottom line.”
He emphasizes the importance of data security for Wisconsin manufacturers as well, as many of the country’s industrial control systems are made by Rockwell Automation. He points to the 2015 hack of systems like these in Ukraine which caused major, extended power outages. And in 2016, Kiev was hit with a similar cyber assault that also had infrastructure impacts.
“Does that mean Cudahy, Wisconsin, potentially ground zero for a Chinese military cyber attack?” he said. “Yes that’s what it means. Wisconsin makes the things the juggernaut runs on. They’re coming here, and we have to be careful.”
That means businesses in the state need to hire workers who understand how these attacks are pulled off, he argues.
“There is no cyber protection wall agency deflecting this stuff; it’s business, protecting Americans. It’s institutions like University of Wisconsin, Marquette, protecting ideas and skilled professionals doing that,” Franz said. “Our tech schools out here — WCTC, MATC — they are producing great loads of them… penetration testers and others with skills of cyber defense.”
“These are the war-fighters of tomorrow, but we need them today,” he added.
–By Alex Moe