Program: Michael Hutton – Data Security

Let’s start at the end.

When Michael Hutton finished his presentation on securing your data, time was running short, so when President Todd waved the microphone and asked it there were any hot questions, I grabbed it and asked whether the criminals stealing your data or taking it hostage were ever caught.

The answer was “not many” although apparently not for lack of trying. He mentioned the FBI and other law enforcement agencies who pursue these crooks.

Mr. Hutton, who was introduced by Rick Jorgensen, spent most of his career working for intelligence services in Washington doing risk assessment.  He is now a principal at Titan Risk Consultants and talked to the Club about the fundamentals and importance of Incident Response Plans in allowing a business to overcome cyber-attacks that compromise the integrity of their systems and information.

Yes, you can insure against cyber criminality, but you better be able to demonstrate that you have a risk management plan in place to both reduce the likelihood and recover in the event that a successful attack is launched. He defined Response Plans as a structured set of actions that a company takes when it has suffered any type of event that threatens their systems and information. 

The threat that gets the most attention are the data breaches that capture credit card information and Social Security numbers because they put a lot of people at risk and not just the entity that held the information.

The other significant threat that he covered was the attack that disables a system or a data base and is held for ransom. This gives the choice to the owners of the system whether to try to recover or to just pay the ransom.  Whole cities have faced this choice and paid hundreds of thousands to get their systems back.

One of the surprising statistics he shared was that the average ransom was less than $5,000 which says that the easiest targets are smaller companies that don’t think them can afford very sophisticated defenses. He also shared that paying the ransom did not necessarily guarantee that the crooks would turn the systems loose. A significant number don’t, and another percentage demands even more ransom money.

In passing, he also mentioned that he would never have an Alexa device in his home. This got my attention since I have one of the cylindrical devices at my bedside.  I guess it’s worth remembering that these are “always on” devices with an open microphone connected to your wifi. I don’t worry too much about this because usually the most exciting thing happening in my bedroom is me yelling at my cat Lily and throwing a pillow at her in the middle of the night when she jumps up on the dresser and starts banging on the mirror to try to get my attention.

In closing, Mr. Hutton noted that well-led companies respond to and solve crises. And, if executed properly, a Response Plan will enable a business to minimize the loss of revenue, damage to its reputation and the loss of customers.

For a good primer on data security, Mr. Hutton provided a PDF file that was originally prepared for the Fayetteville Chamber of Commerce that can be found at http://durhamrotaryclub.org/wp-content/uploads/2020/03/Hutton-Data-Security-QA.pdf.

Submitted by Jay Zenner

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.