‘Thinking like a hacker,’ ROI benefits highlighted at PBN Cybersecurity Summit

LISA SHORR, far right, Secure Future Tech Solutions vice president, speaks during the PBN Cybersecurity Summit at the Crowne Plaza Providence-Warwick on Thursday afternoon. She is joined during one of the panel discussions by, from left, Jason Albuquerque, Envision Technology Advisors LLC chief operating officer; Linn F. Freedman, certified information privacy professional and U.S. chair of the data privacy and cybersecurity team at Robinson & Cole LLP; Doug White, professor of cybersecurity and networking at Roger Williams University; Shakour A. Aubuzneid, professor of cybersecurity and networking and incoming program director at RWU; and Eric Shorr, Secure Future Tech president. Standing is PBN Editor Michael Mello. / PBN PHOTO/MIKE SKORSKI
LISA SHORR, far right, Secure Future Tech Solutions vice president, speaks during the PBN Cybersecurity Summit at the Crowne Plaza Providence-Warwick on Thursday afternoon. She is joined during one of the panel discussions by, from left, Jason Albuquerque, Envision Technology Advisors LLC chief operating officer; Linn F. Freedman, certified information privacy professional and U.S. chair of the data privacy and cybersecurity team at Robinson & Cole LLP; Doug White, professor of cybersecurity and networking at Roger Williams University; Shakour A. Aubuzneid, professor of cybersecurity and networking and incoming program director at RWU; and Eric Shorr, Secure Future Tech president. Standing is PBN Editor Michael Mello. / PBN PHOTO/MIKE SKORSKI

PROVIDENCE – In the past five years, the U.S. has logged more than 2.6 million cybersecurity-related complaints, costing a total of $18.8 million in losses. And in Rhode Island, 1,115 people have reported being victims of internet cybercrime during 2021, costing more than $13 million – and that’s just confirmed incidents, according to the FBI’s Internet Crime Complaint Center at ic3.gov. 

But these statistics, highlighted by Secure Future Tech Solutions co-owners Lisa Shorr, vice president, and Eric Shorr, president, at Providence Business News’ 10th annual Cybersecurity Summit at the Crowne Plaza Providence-Warwick on Thursday afternoon, “could realistically be double, triple, even greater,” Eric Shorr said, as the incidences of cybercrime continue to grow worldwide and in the U.S. 

Diversity matters at Amgen

We believe our differences lead to better science and better business outcomes, enabling us to…

Learn More

To help Rhode Island employers protect their companies against these cyberthreats, the Shorrs held a workshop called “How to think like a hacker.”  

Beginning with remarks from Shakour A. Abuzneid, a professor of cybersecurity and networking and incoming program director at Roger Williams University, participants then had their pick of attending the Shorrs’ workshop or a concurrent session focused on how cybersecurity measures can benefit a company’s return on investment. 

- Advertisement -

“If you walk away with anything today, please walk away with a mindset of vigilance,” Lisa Shorr said. “I want everyone to be on the lookout for everything.” 

For instance, employees and managers may feel comfortable leaving laptops on their office desks, keeping desktops signed in over the weekend or leaving email and computer passwords on readily visible sticky notes, the Shorrs noted. 

But even this smaller, familiar environment comes with the same risks, they said. A visitor to the building can easily swipe a laptop into their bag or jot down a user password left on a sticky note, then use the newly acquired data to prey on others in the company. 

Some of the common methods hackers use to steal information and get access to personal and company data range from social deception tactics such as phishing and phone scams to technology-intensive ransomware attacks, which hackers use to lock people out from their own data and demand a ransom, Eric Shorr said. 

Individuals can avoid common social deception scam attempts by always logging into accounts from a web address they typed in themselves – rather than following an email link – or calling the email’s apparent sender, such as a manager, to confirm they’re really making the address, Lisa Shorr said. 

During his opening remarks, Abuzneid urged attendees to take a proactive approach to addressing cyberthreats. With the continuing, massive growth of cybercrimes, true prevention isn’t possible, Abuzneid said, and the traditional “defense in depth” strategy, which prioritizes the identification of strengths and weaknesses, doesn’t hold up. 

“We have to move from defense to offense,” Abuzneid said. “We have to attack [cybercrimes] ourselves.” 

“Forget prevention,” he added. “You can’t prevent anything. But you can be proactive about protection.”  

An additional summit panel focused on how prevention can benefit a company’s return on investment and included insights from Jason Albuquerque, CEO of Envision Technology Advisors LLC; Linn F. Freedman, a certified information privacy professional and U.S. chair of data privacy and the cybersecurity team at Robinson & Cole LLP; and Doug White, professor of cybersecurity and networking at Roger Williams University. 

During a closing Q&A session, panelists spoke of some of the active measures that companies and individuals can take to strengthen their cybersecurity defenses. 

One simple but powerful measure that companies and individuals can employ is two-factor authentication, panelists noted, which involves using a second platform such as an app or text message to verify a log-in attempt after a user first enters their username and password. 

Throughout the event, panelists also spoke on the price of paying a ransom. 

While some companies have avoided reporting cybercrimes out of fear that they won’t be allowed to pay a ransom, Eric Shorr said authorities now give businesses more freedom in how they will respond to a cyberattack. 

“In your business, you may not have a choice,” he said. “It’s no one’s first choice to pay a ransom but if that’s what needs to happen, you can get help with that.” 

But, the Shorrs noted, paying a ransom also comes with risks, such as the hacker not honoring the agreement and giving back data. 

Other panelists also said that true prevention can’t be achieved. 

“Someone in your company is going to get phished,” White said, or have data stolen from a phony replica or a reputable individual or website. “I call it an infinite series because you essentially have an infinite number of people trying to do this, [and] they have an infinite number of attempts to do this.” 

Albuquerque encouraged attendees to have patience and fully “ensure eradication of the threat.” 

If a company doesn’t address all known weaknesses, the same hackers will find their way in again, Albuquerque said. This remediation process might take time, and could involve a response team and working with cybersecurity professionals. 

The event was held with presenting sponsorship from Secure Future Tech Solutions and Roger Williams University, and in partnership with Cox Business, Envision Technology Advisors LLC and Robinson & Cole LLP. 

Jacquelyn Voghel is a PBN staff writer. You may reach her at Voghel@PBN.com.

No posts to display