Congressman, panel say education, resources best defense against cyber attacks
Educating workers, providing more resources, and enacting new laws could help protect businesses and individuals against data breaches, said a panel of cyber security experts in Aurora on Tuesday.
With more attacks daily on networks and the personal data they hold, companies should provide educational or training programs to prevent workers from clicking on unknown emails, links or attachments, experts said. The training also could provide insight on what to do if an attack happens and how to restore or find affected information. The state and federal governments also need to develop a better system to alert people of known hacks, they said.
"My business is very regulated on the state and federal level, but they don't do a good job of monitoring cyber attacks," said panelist Mike Lee, president and CEO of KCT Credit Union in Elgin. "New things are dreamed up all the time."
The suburbs are part of that global threat, including the village of Wauconda's website that was hacked last week when municipal information was replaced by anti-American and anti-Israeli photographers and pro-Islam messages. And local consumers were victims of data breaches from Target, Jewel Osco and other department stores.
The barrage of new and different types of scams, viruses, malware and other hacks that take a network hostage has been happening more frequently than ever before.
Congressman Bill Foster, an Aurora Democrat, hosted the panel discussion. Besides Lee, the event included Randi Parker, director of public policy and public advocacy for Downers Grove-based CompTIA; William J. Hodor, staff attorney for the U.S. Federal Trade Commission in Chicago; Sean McCloskey, branch chief for cyber security adviser program and cyber security evaluations for the U.S. Department of Homeland Security in Washington, D.C.; Bill Winsininski, vice president for ByteGrid in Aurora; and Terence Felton, chief information offer for Waubonsee Community College.
Foster said he wants to move forward with laws that could help businesses regarding cyber security. He briefly touched on HR 1560, or the Protecting Cyber Networks Act, which passed the House this past spring. The Senate passed S754, or the Cybersecurity Information Sharing Act of 2015, on Oct. 27.
Both would allow the federal government to share information about the latest cyber threats with businesses in the private sector and allow businesses to share cyber threat data with the government.
This sharing of information would help both business and the government react more quickly to developing cyber threats, Foster's aide, Adam Elias later said.
Both bills also require participating companies and government agencies to review the data they intend to share to remove personally identifiable information.
They create liability protection for participating entities and restrict how the government can use the data private entities share with it, Elias said.
But the primary tool, Foster and others said, is education of employees and company executives.
Since October, CompTIA has been offering a new cyber security training program for businesses, Parker said.
Homeland Security has been offering free resources for companies and offers assessments. About 300 assessments have been done so far, with about 75 expected per year. The assessments primarily look at asset, people, information and who has access to data, the technology and the facilities.
"It's a holistic approach," McCloskey, said.