Surviving Cybersecurity Threats with Jamie Maguire

There are also some great local and regional events including CyberCon (Bismarck), UND CARS Symposium, Fargo BSides Security Conference, and the NDSU Cyber Security Conference.

Q: If a cybersecurity attack happens, what are the first steps a business should take to recover?

A: Get all of the technical people and IT staff involved right away.

What is email compromise?

A compromised email occurs when an unauthorized party gains access to an email account, often through phishing or weak passwords, allowing them to potentially steal sensitive information or impersonate the user for malicious purposes.

What is ransomware?

Ransomware is a type of malicious software that encrypts a victim’s data, blocking access until a ransom is paid to the attacker. It can cause significant disruption to businesses and individuals by holding critical files or systems hostage.

Trying to understand the scope of the incident is the first step. Then, once you understand the scope of the incident, you can better understand how to contain it. So containment is the next step.

Start locking accounts, resetting passwords, removing infected devices from the network, and things like that. Then, you can start to recover. If any devices need to be cleaned or wiped, do that. If anybody’s mailbox needs to be checked out, do that.

Q: If a business is hacked and has information on customers that is accessed, how would you recommend the business communicate with their customers?

A: For our company, we put together a formal incident response plan. We have a documented plan that whenever something happens, all of the steps for action are written out. The who, what, when, and where is all defined. I think that’s a great thing that every business can have. And I think contact information for clients and customers are good things to have in your plan.

Another thing I think is really useful is a tabletop exercise for businesses. So, we bring everybody into a room, the IT people, sometimes even the finance people, sometimes even the C suite, and we run through a scenario—like a ransomware scenario for example. When we do this, a lot of good questions start to get asked.

By the Numbers

• Around 80% of businesses affected by BEC attacks did not have multi-factor authentication (MFA) in place (Cobalt: Offensive Security Services)
• 66% of organizations reported ransomware attacks in 2023 (Cisco Talos Blog)
• Global financial losses from business email compromise scams exceed $1.8 billion annually (Deloitte United States)

Q: What are some of the most common mistakes you see people make once they’ve actually been the target of a cybersecurity incident?

A: One thing I’ve seen before is a hesitancy to involve cyber insurance. I think sometimes, for whatever reason, organizations are hesitant to get the insurance involved. Maybe they do this because they don’t want to pay their deductible or risk their rate going up. So, they think they can kind of contain the incident themselves. That would be a big one. I think another thing is not responding urgently or ignoring certain alerts and warnings.

Q: Are there any new threats with ai that businesses need to be aware of in the coming years?

A: I don’t know that it’s necessarily anything new right now. I think it’s more of the same. One thing in cybersecurity that gets mentioned a lot is social engineering—trying to con someone into doing something that they shouldn’t. And I think we’re seeing AI get applied to that a lot now, and I think we’re going to see more of that. Social engineering isn’t new, but I think AI getting applied to social engineering is probably what we’ll see. This might take the form of deep fake videos or audio, for example. People are going to try and use these to get you to send money or a password.

High Point Networks