- April 10, 2015
Joe Swanson, a former federal prosecutor who is now co-chair of the cybersecurity practice at Carlton Fields law firm in Tampa, says protection from cybersecurity threats begins with preparation.
“This is an issue that should be on the radar screen for any company out there,” he warns. “It's no longer true that only banks and hospitals are likely targets for cybersecurity attacks. The perpetrators of hacks are looking for soft targets. In their eyes, that means looking at other industries where companies have harbored the view that they needn't worry about [cybersecurity], and so they may not have the protections in place that other industries have been forced to develop over the years.”
And cyberthreats are evolving, so it's folly to focus on one specific type of attack. “What we're seeing with increasing frequency is a one-two punch,” he says. “The attack may look like one thing, but it's really a means to an end.”
Hackers, he explains, might start with a run-of-the-mill phishing expedition aimed at lower- or mid-level employees. But their ultimate goal is to use that as a springboard for installing malware on the company's network. That malware will allow the hackers to monitor business activities, such as the schedule and frequency of wire payments and executives' email writing styles.
“Then the hacker will be in a position to send an email that purports to be from an executive or someone in finance directing the payment of a wire,” Swanson says.
To respond, Swanson says it's imperative to have a rapid-response plan and ensure employees know where it is and have the necessary training.
“These are not lengthy, cumbersome documents,” Swanson says. “But what they do in a pragmatic way is say, 'Hey, here's who's on our incident response team: We've got so-and-so from legal, so-and-so from finance, so-and-so from IT and security. If there is a threat or an incident, we're going to convene a team and these are the different thresholds we're going to have,' ... and then certain actions will trigger, depending on the severity of the incident.”