Top 10 Takeaways from the Hawaiian Telcom University Cybersecurity Event
Cyber threats are happening more frequently, and Hawai‘i businesses are not immune. During a recent Hawaiian Telcom University educational event, we reviewed local cybersecurity trends and discussed how businesses can better prepare for cyberattacks. Below are the top 10 takeaways from the event.
- Your business is always a potential target for a cyberattack.
When it comes to cybersecurity measures, many businesses, especially here in Hawai‘i, often think they are not large or special enough, or that our state is too remote to interest cybercriminals. This is not what the experts are seeing right now. Automated attacks continue to rise year after year. Cybercriminals are not going for quality, but for quantity. They will target as many businesses as they can, regardless of their size or geographical location, looking for weaknesses. Therefore, when it comes to cybersecurity, even doing the basics helps prevent an automated attack. As the saying goes, you don't have to run faster than the bear to get away, you just have to run faster than the guy next to you.
- Hawai‘i cyberattack statistics are alarming.
According to the FBI Internet Crime Complaint Center, in 2020 the total reported victim losses were $13,671,531 in Hawai‘i alone. There were 1,978 incidents in the state over the course of the year, with $3,168,489 successfully swindled by cybercriminals. It is important to keep these numbers in mind when considering how much risk you need to plan for in your organization.
- Phishing attacks are becoming more sophisticated.
Business email compromise remains the main gateway to organizations. Cybercriminals use email accounts to gather important information, such as who makes the decisions or whether there are any big transactions coming up. The most likely time for a breach is on weekends and holidays, so businesses should be extra vigilant during these times. There is also a large amount of data being leaked all the time. Cybercriminals do what’s called open-source intelligence gathering, which is collecting information from publicly available sources, such as a company’s social media sites. Armed with this information, cybercriminals are able to contact employees with malicious emails. The scale of these breaches, their frequency, and the amount of data harvested are rapidly growing.
- Distributed Denial of Service (DDoS) attacks are continuously increasing.
Experts are seeing an increase in DDoS attacks, in which cybercriminals block business websites and demand a ransom in return for access. According to Radware's Quarterly DDoS Attack Report, in the second quarter of 2021 the average blocked volume per customer increased by 40% compared to the same period in 2020. The average attack size in Q2 grew by over 10%. The most targeted industries are technology, healthcare and finance. The more services businesses offer online, the more targeted they become for a potential cyberattack. In addition, Hawai‘i is in a unique situation because our Internet is not provided over satellites; it comes through undersea fiber optic cables. As a result, though we are fairly limited in our exposure to DDoS attacks, it is important to consider the impact we might face if our upstream providers are attacked.
- Ransomware attacks are evolving.
This year we saw some of the biggest ransomware attacks such as Colonial Pipeline, JBS and Kaseya VSA. In addition to the victim's data being encrypted, there are now cases of it being auctioned to the highest bidder if the ransom is not paid.
- Consider your maturity level before implementing any new security measure.
With the numerous cybersecurity measures available, you need to consider the level of maturity of your business before implementing any new cybersecurity solution. It is important to start with the basics, as illustrated in the Cybersecurity Maturity Model Certification Pyramid.
- Cyber liability insurance is just a piece of the puzzle.
Cyber liability insurance is not a replacement for good cybersecurity controls. You would not drive your car without a seat belt even if you have full coverage. It is usually just a piece of the puzzle, an addition to all the basic cybersecurity measures such as getting your maturity model up to a certain level, good logging, patching, and monitoring. Virtually every organization needs cyber liability insurance; however, there are a few important things to keep in mind:
- Insurers are now requiring proof of security controls. They want to ensure businesses are doing their part to avoid cyberattacks.
- The average insurance premium in Hawaii is $1,519 per year ($1,000,000 coverage - $10,000 deductible). It should be expected that the premiums will rise sharply after a cyberattack.
- Cyber insurers have been hacked to identify targets who carry coverage. It is important to ask your insurance company questions about their security measures as well.
- Hiring a cybersecurity specialist is getting harder.
Finding a cybersecurity candidate prior to 2021 was already difficult. Switching to remote work has changed the game. With cyberattacks on the rise, cybersecurity experts are now in high demand. There are more than 500,000 cybersecurity job openings in the U.S. today. The possibility of working remotely has affected the availability of local cybersecurity specialists in Hawai‘i. Full-time remote positions can offer competitive pay at an organization located anywhere in the U.S.
- Cybersecurity training is transforming.
This is one of the coolest changes that has been happening in the cybersecurity sector. Instead of training that costs several thousand dollars, “pay what you can” options have become available for some of the introductory training. Some companies are even offering cybersecurity training for free. This training model is making it easier for those considering cybersecurity as a career to pursue their vocation. Because there is a great deficit of specialists in the industry, this change is extremely exciting.
- Actions you can take to protect your business from cybercriminals.
There are certain practices that have proved to be very effective against cyberattacks. Here is a list of some actions you can take to make your business less susceptible to a cyberattack:
- Disable Remote Desktop Protocol (RDP) to the Internet. This is now a requirement with some cyber insurance companies.
- Test your backups. Follow the 3-2-1 concept: have three copies, two onsite and one offsite. Make sure you test your backups.
- Establish a regular patching cycle. Very commonly in a cybersecurity process, big things get done and small things get overlooked. Regular patching is a basic cybersecurity measure that is crucial in preventing a cyberattack.
- Install effective email filtering. Business email compromise happens very often and one of the best ways to combat that is having a good email filtering service in place.
- Vet third parties. Ask all your vendors about their cybersecurity measures on a regular basis to ensure their safety measures are still in place. Here are some examples:
- Do we have a process for fixing backups?
- Do we have an incident response plan?
- Do you use two-factor authentication? - This should be the first question you ask any new vendor.
If you want to find out more about the information presented at the Hawaiian Telcom University event, you can watch the recording of all three cybersecurity sessions here.
CBTS | Hawaiian Telcom has been helping many customers improve their cyber security posture. Solutions like Email Security, Endpoint Protection, or even Managed IT, can greatly lessen the risk of a cyber attack. If you would like to chat more about securing your business please call us at 808-777-6027 or visit our website for more information.
Evan Horton is a senior manager - network services operations for Hawaiian Telcom. You can reach him at firstname.lastname@example.org.
© Honolulu Star-Advertiser