In a global environment where criminal hacking has become an industry in itself, Peter Reid acknowledges that few businesses have the resources to hire a comprehensive cybersecurity team.
And even among the limited companies that do possess this capability, there’s no sitting back when it comes to protecting the security of clients and customers, said Reid, an assistant professor of information technology at Johnson & Wales University.
“You can’t outsource your responsibility for protecting your customers’ data,” Reid said during an Oct. 10 panel discussion at Providence Business News’ 2024 Cybersecurity, AI and Tech Summit at the Crowne Plaza Providence-Warwick in Warwick.
The discussion, titled “The Great Unknown: Strategies for Controlling External Risks,” included Kim Keever, senior vice president and chief information security officer at Cox Communications Inc.; Brian J. Lamoureaux, partner at Pannone, Lopes, Devereaux & O’Gara LLC; and Rick Norberg, CEO of Vertikal6 Inc.
While panelists drew from a variety of sectors under the broader technology sphere, they agreed on key takeaways. For one, no business is immune to a cyberattack, even with robust protections in place.
Within the past year, this sentiment has perhaps been more apparent than usual thanks to highly publicized cyber breaches against corporations such as Crowdstrike Holdings Inc. and Ticketmaster Entertainment LLC, which compromised individual customers’ data and caused industrywide sales and service disruptions.
And these incidents aren’t just isolated events affecting big-name businesses, said Normand Duquette, senior vice president of Starkweather & Shepley Insurance Brokerage Inc. and panel moderator.
Rather, Duquette noted, statistics show a growing incidence of cybercrime in Rhode Island and throughout the U.S.
In 2023, FBI-confirmed internet crime complaints in Rhode Island jumped 28%, to 1,425, compared with 2021, which had 1,115 confirmed cases. All in all, these events cost Ocean State businesses and residents more than $46 million.
Nationwide, statistics reflect an even bigger increase in cybersecurity complaints, with these filings rising by 83% between 2019 and 2023 and costing the public $12.5 billion.
While troubling statistics in themselves, Duquette said, these figures don’t reflect the additional incidents that go unreported.
With these trends in mind, “The best you can do is prepare yourself, put a continuity plan in place for yourself and make sure you’re backing up your data,” Norberg said.
“Come from the posture that this is going to happen,” he said, adding that companies should be asking, “How do I mitigate the risks as much as possible?”
Norberg speaks from personal experience. Even as the head of an information technology company, he said, his own PayPal account has previously been hacked, even with security measures such as two-factor authentication and a strong password in place.
While Norberg’s advice may sound grim, panelists emphasized that while businesses can’t prevent cyberattacks with certainty, they can – and must – take steps to limit the possibility.
And while these measures can mean bringing in cybersecurity professionals when possible, they noted, businesses of all sizes can take basic but meaningful action.
Part of this risk mitigation involves “having the [cyber] hygiene to know where the data is, what you’re trying to manage,” Keever said. It’s a skill that even businesses without a technology focus can master.
“There’s nothing fancy or technical about that” awareness, Keever said. “It’s more just about … understanding your environment.”
And with a shortage of cybersecurity professionals, as Reid noted, many businesses currently rely on these smaller-scale reforms. Last spring, a European Union report ranked a cybersecurity skills gap as the second-largest risk facing businesses, Reid said, ahead of artificial intelligence.
But there may be some hope on the horizon as more academic institutions launch education and training programs to develop a cybersecurity-focused workforce, Reid said. Indeed, all Rhode Island colleges and universities are offering a degree program in cybersecurity or related fields, and Rhode Island College has launched the Institute for Cybersecurity and Emerging Technologies.
This wealth of local options now starkly contrasts offerings a decade ago when “there weren’t that many, if any cybersecurity programs,” Reid said.
As data storage options and capabilities increase, users must also remember to purge information they no longer need, Lamoureaux said, noting that his clients commonly ran into trouble because they were lax with properly erasing data from systems.
Norberg shared similar advice, urging businesses to delete unused files and servers as soon as they have exhausted their purpose.
“Otherwise, people forget, life goes on, and the next thing you know, you have a problem you didn’t need to have,” Norberg said.