Small Business Cyber Security Statistics

Small Business Trends reports:

  • 43 percent of cyber attacks target small business.
  • Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
  • 60 percent of small companies go out of business within six months of a cyber attack.
  • 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.

Taking Cyber Attacks “to heart”

Recently, someone very dear to me had emergency pacemaker surgery.  The successful implant changed her life and possibly may have saved it.  A few days after the surgery I accompanied her to her first post-surgical check-up.  As we waited in the exam room we reflected on how she felt prior to the surgery and what an amazing difference the pacemaker had made in her daily activities.  She no longer became winded from the smallest of activities, and therefore her quality of life improved dramatically.  Apart from some post-surgical discomfort, she could not believe that she now had a device implanted in her body, and she now referred to herself as “the bionic woman”.

The cardiologist entered the exam room, wheeling in a cart with what appeared to be some sort of laptop.  He explained that he was going to run a series of tests on the pacemaker and that she should lie back on the exam table.  The doctor assured her that there would be no discomfort.  It is important to note that he did not touch her with any sort of device or connect anything to her body.  First he said, “I’m going to slow your heart down a little”.  As he looked intently at his laptop screen he said things like, “OK, I’ve slowed your heart down and everything looks good, now I’m going to speed it back up a little”.

I looked with amazement at what was taking place.  The doctor had the ability to control her heart rate wirelessly!  Being the curious geek that I am, I began asking him questions about what I was witnessing.  I was astounded by this amazing technology.

After the exam the doctor advised us that “everything looked perfect and the pacemaker was functioning correctly”.  Then he exited the exam room and we looked at one another with satisfaction and both breathed a sigh of relief.

A few moments later a nurse entered the room and sat behind the PC that was in the room.  She appeared to be logging on but seemed frustrated after a few minutes had passed.  I asked, “Trouble logging on?”  She replied, “It has been taking forever to do anything on this network since we were hacked a few weeks ago”.  I seized the opportunity and handed her one of my business cards.

It then dawned on me… Had the cardiologist’s laptop ever connected, in any way, to the medical center’s network?  The network that had been hacked recently?  This caused me great anguish and concern.  Of course I didn’t express any of this to the patient lest she worry more than she already was.  I began my research immediately.  Implantable medical devices can be, and more importantly have been, hacked.  Many of these devices use old and proprietary operating systems.  Some still connect to Windows XP and Windows Server 2003: operating systems that are long past end of life and thus extremely vulnerable.

So now my advice to anyone who will be the recipient of any implantable device is to talk to your caregiver, ask pertinent questions about the security and safety of the device, and be sure to let them know that you are a well-informed advocate who is aware of the cyber safety concerns.

Thoughts on the Equifax Data Breach

Everyone should know all too well that it’s not a matter of IF but rather a matter of WHEN a network will be compromised.  Our personally identifiable information (PII) is a “high value” target to hackers.  The recent Equifax hack, in which over 145,000,000 people had their PII stolen, is a perfect case study.  This cyber-attack shines a spotlight on the mistakes that were made by Equifax.

1 – A known vulnerability in their web software was left unpatched for two months.  There were numerous announcements concerning this vulnerability, and security patches were made available to remediate it, but the company took no action.

2 – The company failed to announce the hack in a timely manner.

3 – Several high ranking managers made large sales of their company stock just prior to the announcement.  The SEC is currently investigating.

4 – If there were policies in place that governed a responsible and effective response to the hack, were they followed?  Did policies even exist?

5 – Were all safeguards in place and updated with the latest threat management software?

6 – Any entity that has electronic records containing PII, or any other valuable data, needs to have network penetration testing done on a regular basis.  If Equifax had run regular penetration and vulnerability tests they would have detected the vulnerability in their web software and patched it immediately.

Whether you are a large corporation, a small to medium business, a government, or just a home with PCs, laptops, smartphones, etc., you need to exercise due diligence and secure your electronic assets.

At a recent North Rockland Chamber event an owner of a local business asked me, “I only have two PCs and a couple of smartphones that connect to my business network.  Do I need a threat assessment?”  My answer was, “If you turned on your computer one morning and the screen had a message saying all of your business files have been encrypted and a bitcoin ransom was demanded, and you couldn’t access your customer data, invoicing, etc., what would you do?”  His eyes widened and he understood that no business is too small for cyber security planning.

Contact Information

Joseph Koval – President
13 Tomkins Ridge Rd.
Tomkins Cove, NY 10986