16 | January 29, 2015 | Johns Creek Herald | johnscreekherald.com
Sponsored by
There’s so much going on, and no one has the magic bullet that’s going to make you secure, GREG FREEMYER, senior consultant at IAC Forensic Services
JOIN TODAY: 770-993-8806 • WWW.GNFCC.COM
Panel offers heads-up advice on data breaches By PATRICK FOX pat@appenmediagroup.com ALPHARETTA, Ga. – All companies should have an action plan for data breaches, because the number of cyberattacks is growing, a panel of industry experts told business leaders last week. From 2005 to 2013, at least 613 million records have been compromised in the United States, Ralph Pasquariello of Snellings Walters Insurance Agency said at the monthly Tech Forum of the Greater North Fulton Chamber of Commerce. “The cost of global cybercrime annually is $114 billion,” he said. “The average organizational cost of a data breach … is $5.4 million, and each compromised record costs a company $188.” Pasquariello was one of seven experts from law, insurance and technology to provide insights to the crowd of about 50 people gathered at the Marriott in Alpharetta. Greg Freemyer, senior consultant at IAC Forensic Services, said that because of the costs and legal liabilities associated with data breaches, all companies should conduct a security audit. He said a SANS Review, offered by the SANS
CORRECTION The New Business Spotlight featuring El Don Bar and Grill (Jan. 22) ran the wrong address. The correct address is 6320 Atlanta Highway, Alpharetta.
The number of data breaches in the United States is growing. From 2005 to 2013, at least 613 million records have been compromised. Institute, or an International Organization of Standardization audit (called an ISO 27002) can help businesses lay the groundwork for establishing a security system. Implementing an in-house data security system is costprohibitive for most companies, he said. And, even when implemented, it wouldn’t protect against new methods hackers are developing to invade networks. “There’s so much going on, and no one has the magic bullet that’s going to make you
secure,” he said. Another step companies have been taking to increase security is to link up with a cloud service, said Gerry Baron, chief marketing officer at Cirrity. Most organizations cannot invest the same amount of money and resources into cyber security as a cloud service can, he said. Cloud services have fulltime technicians working with the latest equipment to provide data security, he said. Debbie Risher, a CPA with
Smith & Howard, said it’s often difficult to tell when a breach has occurred. If a company has the proper software in place, she said, security breaches can be flagged in most cases through logs. “If you don’t have those, then you’re kind of at the mercy of the outside world,” she said. “It could be customer complaints. It could be a third-party vendor. It could be law enforcement after they’ve gotten complaints from a customer.” Another indicator could be
an increase in spam or malware on a company’s network, she added. Thomas Foxx, a cyber-specialist with Travelers Technology Products, said all organizations are the target of hacking activity. Right now, the larger companies are receiving all the attention, but it’s likely all the mid-sized organizations have already been hacked, he said. “We’ve found that the majority of the small and midsized organizations – more than 50 percent of the ones we surveyed – were breached,” he said. “That’s why we push for some type of risk mitigation.” The most important thing a company can do to protect itself is have an action plan in place to handle cyber-attacks. And one of the first steps in that plan should be contact a skilled attorney, said Gina Ginn Greenwood, an attorney with Baker Donelson. “First of all, I think you need a good lawyer and a good consultant and a good forensic examiner,” she said. “You need to have a good emergency preparedness plan.” Greenwood said companies should have these emergency personnel on speed-dial, on call at any time. Sometimes, calling an attorney first can ensure that the investigative process can be covered under attorney-client privilege. “It amazes me when we get calls at how many companies really don’t even understand what laws apply to them,” she said. “They’re in the middle of a huge breach, and they’re not even sure which laws apply.”