It has happened to nearly everyone: Someone hacked into your Facebook account, or your bank had to send you a new card because of fraud detection. Maybe it has been more serious than that, and someone mined your Social Security number and bought a sports car on your credit. Often, we can just change our passwords and forget it ever happened, but for businesses, a simple breach could cost revenue and customers.
On Sept. 29, ASU, Estrella Mountain Community College (EMCC) and the Southwest Valley Chamber of Commerce partnered for a breakfast event at the community college for local businesses to learn about how they can stay secure in an increasingly digital marketplace.
“As an economic driver for the state, I think it is critical that higher education and the business community continue to come together to share resources and solve problems,” said Heather Weber, the dean of Occupational Education at Estrella Mountain Community College.
The event featured speakers and experts from ASU, the private sector and government who discussed everything from email phishing to dark web hacking services for sale.
Paulo Shakarian, an assistant professor at ASU's School of Computing, Informatics, and Decision Systems Engineering and the CEO of IntelliSpyre, which has technology that tracks malware sales on the dark and deep webs, said that every year software companies disclose approximately 15 thousand vulnerabilities. Dan Krpata, formerly of RSA, said there was nothing we could do to make any major changes in the cyber crime landscape.
So what a company to do in such a dire situation?
Nearly all of the speakers emphasized that awareness of the environment, as well as a good plan, are the keys to success, even in the event of a hack.
Kim Jones, the director of the ASU Cybersecurity Education Consortium, had three rules to live by.
“One, don’t panic,” he said, specifically referencing the looming threat. “We whoop up on bad guys pretty damn well.”
Two: Kickstart your awareness and planning around your data. And three?
“Don’t focus on the third-rail data” — the kind of data that could be immediately financially damaging to the company, or data that is of the personally identifiable kind, like Social Security numbers.
Why? Because other data can aggregate to provide a clear picture of financial transactions or customer information. Jones gives the example of a 2012 story where Target, through similar aggregation, was able to send a man’s teenage daughter coupons for maternity clothes before he was aware she was pregnant.
Jamie Winterton, the director of strategy for the Global Security Initiative at ASU, moderated the entire event. She loved the focus on people and shared responsibility that the speakers highlighted.
“I love that you focused on the people. It’s not just a computer’s problem. We’re never going to get to the point where we say, ‘We have written enough code; we are now secure.'”
Leslie Swanson, who works at Salt River Project and used to be on the board for the Southwest Valley Chamber of Commerce, said she was there representing her company and supporting the community.
“I think there was a lot of information about different entities here in the Valley that nobody was really aware of, so it was kind of like a one-stop shop,” she said. “Now we’re going to have to go back and process the information.”
Other participants also felt the event, though short, was helpful for local businesses.
“The reason I came here was to learn how to protect my company, and that was done,” said Patty Hannon, of OCM Recycle West. “I thought it was very informative.”
Weber and the team at ASU and the Southwest Valley Chamber hope that their collaborative approach to what seems like an insurmountable problem can be an example for other parts of the Valley and the nation.
“The event helped inform small-business owners that everyone has responsibility and role when it comes to cybersecurity,” said Weber. “The more we can work together with local agencies on global issues such as cybersecurity, the more effective and responsive we can become.”