Cybersecurity Experts Warn Businesses That The “Attack Surface Has Expanded”
Phishing. DDoS. DNS tunneling. Man-in-the-middle. Ransomware Attack.
No executive in corporate America ever wants to hear these utterances. They describe variations of cyber-attacks that can bring a company or government organization to its knees.
Data breaches rose 17 percent through Sept. 30, 2021 to 1,291 compared with 1,108 breaches for all of 2020, according to Identity Theft Resource Center. And attacks cost companies around the world an estimated $1 trillion.
“There are more threats,” said George Davis, Executive Vice President at Evergreen Advisors. “There are bad people doing bad things.”
He warns that for businesses the “attack surface has expanded.”
Davis was part of a panel discussion on the state of the cybersecurity and why Maryland holds a strong position in the industry. The discussion was hosted by the Association for Enterprise Growth and Think Systems.
Other panelists included Stacey Cameron, CEO and Co-founder of QoS Consulting Solutions; Terry Bazemore Jr., Chief Operating Office of Ey3 Technologies; Xiomara Olmeda, Cyber Incubator Manager at bwtech@UMBC Research and Technology Park, and Kimberly Mentzell, Cybersecurity Program Manager at Maryland Department of Commerce. Tasha Cornish, Executive Director of the Cybersecurity Association of Maryland, Inc., moderated the panel discussion.
Cornish asked Mentzell why Maryland is considered a hotbed for cybersecurity.
Maryland, Mentzell said, is the “epicenter” for cybersecurity and the state is a national and global leader. “We have all of the agencies,” she said. “We also have a great deal of interest in our area.”
One key to the state’s success is that Maryland has both academic and government resources that provide a strong network for companies and help them develop. She said Maryland is attracting companies on a global scale.
“We are continually growing,” Mentzell said.
Indeed, cybersecurity has been hot. Last year, cybersecurity startups raised a record $30 billion, compared with the $12 billion raised in 2020, Davis said.
He expects the industry to catch its breath in 2022 since the market is awash in capital. “It’s going to be a good year to retrench and build a better plan,” he said.
While companies recover from a blowout 2021, Olmeda’s mission is to support great ideas in the Cyber Incubator@bwtech. The incubator is a home to about 45 young companies specializing in cybersecurity, IT products, and technology services. They receive support ranging from office and co-working spaces to training programs focused on government contracting to UMBC faculty members who are experts in the field. There are also entrepreneurs in residence who help these budding companies commercialize products and ideas.
Cornish asked QoS’s Cameron about common security issues she sees as a consultant. She said many executives of startups are so focused on building a business, developing products, and bringing them to the market that cybersecurity becomes an afterthought.
“I have seen a lot of companies trying to recover because of security afterthoughts,” she said. “From the executive standpoint your executives have to promote security. You want to look at it from an enterprise standpoint.”
Even members of the company’s board of directors should be aware of cyber threats and understand the importance of adopting measures to protect company data, trade secrets, information, and internal and external communications.
Bazemore of Ey3 Technologies said there are several technologies that are making a difference in thwarting attacks. He likes Lockheed Martin’s Cyber Kill Chain, which identifies threats, prevents cyber intrusions and ultimately mitigates damage.
He also believes “zero trust” provides a “muscular defense” especially for companies that have not yet upgraded older systems. Zero trust uses layers of authentication and authorization to validate a user before they can gain access to a system.
Cameron warns executives that executives should know that at some point their businesses will be attacked.
“Security has to be done from start to finish,” she said.
