Bellingham summit: Cyber attacks are on the rise, but most are avoidable

While the topics were broad, a few main points were regularly brought up at the inaugural Cyber Risk Summit: Computer attacks are on the rise and can hit large and small businesses. But much of the threat can be defeated by following basic security tactics.

The summit was held at Whatcom Community College on Thursday, Oct. 30, and was all-day affair, featuring topics that included current cyber threats, prevention, social media and educating the workforce. Along with WCC, the event was organized by Western Washington University and the Technology Alliance Group for Northwest Washington.

“If you are proactive, you can mitigate most of the problems,” said Allen Pemberton, the event chairman and a TAG board member.

More than 150 people signed up for the event.

“This first-time event was a significant success, drawing business leaders from throughout western Washington,” said Meg Weber, executive director of TAG. “The participants tell us they came to the summit because they know cyber risk is a real threat to the resiliency of their organizations. They wanted to connect with experts who could help them assess issues and develop strategies.”

Cyber attacks have become such a big problem, and can cost a business so much in terms of intellectual property and customer information, that they should be considered an overall business issue involving the entire company rather than just the responsibility of the information technology department, Pemberton said.

Prevention and having a plan were noted in a morning panel discussion about partnering with law enforcement. In analyzing hundreds of data breaches in 2013, the nonprofit group Online Trust Alliance discovered that 89 percent of those breaches could have been prevented if basic security controls and practices were in place.

The law enforcement panel, which included a member of the FBI Cyber Task Forces’ Seattle office, encouraged businesses to contact law enforcement before and after a cyber attack. Contacting before an attack is a way a business can establish a relationship with law enforcement. Contact during or after a cyber attack is useful, even if the attack is unsuccessful, because it can give law enforcement more information that could lead to an arrest.

One type of attack the panel discussed was “spear phishing,” where someone sends an email to a specific organization to try to steal confidential information. Many times the email looks like it is from someone within the organization, asking the recipient to open an attachment that is downloaded into the computer and collects data, said Andreas Kaltsounis of the federal Defense Criminal Investigative Service. It’s something everyone in a company should be thinking about before opening any email attachment.

“They are well-written and can fool people,” Kaltsounis said.