Frank Cervone, Director of IT at the School of Public Health, University of Illinois of Chicago, led off and noted that cybersecurity is a concern for everyone. In a recent survey, all retailers are worried about “privacy concerns related to security breaches”. And security of health care data is a major problem; nearly 90% of healthcare organizations had some sort of data breach between 2013 and 2015. The cost of this is huge. He showed the results of a Google search on “library computer hack”, in which the first result was “How to do whatever you want on library computers”.
“Whale attacks” (going after the big fish) occur when someone sends a message to a high-level person in an organization and they forward it. The problem is inside more organizations. Ransomware attacks are occurring frequently in hospitals; the perpetrators often ask for additional payments. (Thankfully, some hospitals have refused.) Part of the issue is that the organization didn’t take security seriously; 90% of security problems can be solved simply. Here are some characteristics of a meaningful security program.
A governance structure should not be just IT telling everyone else what to do. Here are some starting questions for a security program.
The SANS Institute is a good source of security resources.
Here are key topics in a security awareness program.
Jim Peterson, IT Manager and Media Relations, Goodnight Memorial Library, Franklin, KY, said that there is no such thing as privacy on the Internet any more. Cybersecurity is everybody’s responsibility; Peterson showed a map of current cyberattacks in real time. They come from everywhere. The attackers want email addresses, social security numbers, credit card numbers, passwords, birthdays, etc., but also hardware and bandwidth information for mischievous purposes. The Internet of Things has caused a huge increase in attacks. For example, ransomware attacks can be set up for as little as $5,900, which will result in large payoffs to the hackers: at least $3,000/day. Phishing scams keep working because people fall for them. There is no stopping the attacks. The best defense is a strong password.
Peterson demonstrated Wordfence, a powerful plug-in that defends WordPress-based systems. It can provide data on attackers (who they are and where they come from) and then allow them to be blocked. He also showed the list of the worst passwords of 2015:
In closing, each of the speakers offered the audience one piece of advice:
- Peterson: Change your password.
- Cervone: Use different passwords for everything (and recognize that if something seems unreasonable, it is).