James “Rocky” Query has been named interim vice president for finance and administration at Sweet Briar College.
He previously was the chief financial officer for Sterling College in northeastern Vermont. He also previously worked for Saint Joseph’s University in Philadelphia.
For more than 20 years, Query was a public finance investment banker for Morgan Stanley and Lehman Brothers on behalf of many colleges a universities nationally.
Query also served as a member of Sweet Briar’s board of directors and chair of its finance committee until stepping down in recent weeks to assist the administrative team in developing the college’s next strategic financial plan.
Waynesboro-based Lumos Networks Corp., a fiber-based service provider, has signed a multi-year agreement with the Virginia Military Institute to provide 1.5 gigabit of dedicated internet service to its Lexington campus.
Lumos also will provide VMI with a 1 gigabit dedicated internet connection at the Rockbridge Area Network Authority (RANA) data center. The data center is connected to the Lumos network.
Lumos Networks serves 26 markets in Virginia, West Virginia, North Carolina, Pennsylvania, Maryland, Ohio and Kentucky with a fiber network of 10,907 fiber route miles.
The company also connects 43 data centers, including five data centers acquired from DC74, two acquired from Clarity Communications and seven company owned co-location facilities.
The spy-thriller television series “Homeland” will be filmed in the Richmond area this fall.
Gov. Terry McAuliffe announced on Tuesday that the award-winning series will film its seventh season in Central Virginia. The episodes will be shown on the Showtime network next year.
The series is produced for Showtime by Fox21 Television Studios.
Production of “Homeland,” which stars Claire Danes and Mandy Patinkin, returned to the U.S. last year after spending the two previous seasons shooting in South Africa and Germany.
The “Homeland”anouncement follows the recent end of production of two other TV series in the Richmond area, AMC’s “Turn: Washington’s Spies” and PBS’ “Mercy Street.”
“The film production industry is a significant economic driver for our commonwealth,” McAuliffe said in a statement. “With every new film or television series that comes to Virginia, this thriving industry continues creating jobs, generating tourist activity and building momentum for even more great new projects.”
“Homeland” is eligible to receive a Virginia film tax credit and grant. The exact amount will be based on the number of Virginia workers hired, Virginia goods and services purchased, and deliverables including Virginia tourism promotions.
The TV series was developed by Alex Gansa and Howard Gordon. “Homeland” is based on the Israeli series “Prisoners of War” by Gideon Raff.
Washington Dulles International Airport has begun nonstop Air India service to New Delhi.
The inaugural flight was marked Friday with a ceremony at the Dulles airport attended by delegations from the Commonwealth of Virginia, the District of Columbia, Air India and the Indian Embassy.
India currently represents 6 percent market share of all international travelers to the commonwealth, making it Virginia's fourth-largest market.
As part of an effort to stimulate travel to Virginia through Dulles Airport, Gov. Terry McAuliffe proposed a $1.25 million incentive package to Air India over three years beginning in fiscal year 2018.
In addition, the District of Columbia plans to provide $250,000 this year to support the partnership. Tourism marketing support will be provided by the Virginia Tourism Corp., Capital Region USA (CRUSA), and Destination DC.
In 2015, India was the fourth-largest overseas market for the Capital Region, which welcomed more than 122,000 Indian visitors—a 25 percent increase from 2014.
Reston-based IT services company NCI Inc. is being bought by an affiliate of H.I.G. Capital LLC for $283 million.
Under the terms of a definitive agreement, H.I.G. will commence a tender offer no later than July 17 to acquire all outstanding shares of NCI’s common stock for $20 per share in cash. NCI’s board of directors has unanimously approved the transaction.
“This partnership with H.I.G. Capital will offer NCI an opportunity to accelerate our growth strategy; enhance our delivery of premier solutions to our customers, including the use of artificial intelligence and agile software development to increase the speed, productivity and capability of their missions; and create new opportunities for our employees,” Paul A. Dillahay, the president and CEO of NCI, said in a statement.
H.I.G. Capital is a private equity investment firm with $21 billion of equity capital under management.
Publisher Bernard A. Niemeier is now the sole owner of Virginia Business.
Virginia Capital Partners, a Richmond-based private equity firm, had been Niemeier’s equity partner in the magazine since it was acquired in September 2009 from Media General Inc.
Niemeier, who has been publisher since 2007, purchased all of the outstanding ownership rights from Virginia Capital Partners in a deal that closed on Friday. Financial details were not disclosed.
He was assisted in the transaction by the Gentry Locke and Virginia Community Capital.
In May, a “ransomware” attack locked up the data of more than 230,000 computers in over 150 countries around the world. Using a computer virus called WannaCry, hackers held the data for ransom, demanding their victims make payments of $300 each in bitcoin, a difficult to trace digital currency.
The incident was just the latest example of the large-scale business breaches that grabbed headlines in the U.S. and abroad.
In the same month that attack occurred, the giant retailer Target announced that it had reached an $18.5 million settlement with 47 states and the District of Columbia to resolve investigations into a 2013 breach that affected 41 million customers.
In March, two Russian intelligence officers and two hackers were charged in a Yahoo data breach affecting at least 1 billion user accounts.
Closer to home, MedStar Health, based in Columbia, Md., last year suffered a cyberattack that forced it to turn away patients and shut down computers at hospitals and other facilities.
Large businesses have beefed up their security in recent years. As a result, hackers increasingly are preying upon smaller companies that may not have robust cyber defenses.
How vulnerable are Virginia businesses to cyberattack risks?
To get answers, Virginia Business hosted a cybersecurity roundtable with a panel of seven Virginia experts from a wide range of industries.
The group included:
Joseph DePlato, chief technology officer and principal cybersecurity architect with Bluestone Analytics in Charlottesville.
Michael Hardin, vice president, risk management, at Apple Hospitality REIT in Richmond.
Collin Hite, practice leader of the Cybersecurity & Data Privacy Group and the Insurance Recovery Group at Hirschler Fleischer in Richmond.
David Inabinet, director of technology with Riverside Health System in Newport News.
John Lewis, vice president of information technology at Lumos Networks Corp. in Waynesboro.
Milos Manic, computer science professor and director of the Modern Heuristics Research Group at Virginia Commonwealth University’s School of Engineering in Richmond.
Alyson Newton, vice president and Executive and Professional Specialty Practice leader with Marsh & McLennan Agency LLC (formerly Rutherfoord) in Richmond.
The discussion was held at the offices of Virginia Business in Richmond in late April. The following is an edited transcript.
VB:[What are] the biggest changes that you’ve seen recently in cyberattacks?
DePlato: In the past, you were seeing a lot of threat actors scanning the internet, [doing research using sources such as LinkedIn and Facebook], on their targets and then attempting to breach their targets. That’s changed rather quickly within the last year. People have become smart in securing their infrastructure. They know to put a firewall in place. They know to put multi-factor authentication, for example, in front of external-facing systems. Actors are doing phishing scams to get into these organizations, or the new term now is “whaling,” where they go after your CTO [chief technology officer] or CEO — your high-value targets at an organization. Once they break into those organizations, they’ll deploy a ransom on the network, locking these organizations down so they can’t function until the ransom has been paid.
VB: Mike, what are you seeing?
Hardin: As far as the hospitality industry goes, we’ve worked very closely with the brands of the hotels that we work with and also our third-party management groups. As to what Joe touched on, we’re focusing on making sure we have the proper hardware in place and that it is current and up-to-date along with current antivirus loaded on these machines to thwart those attacks. And we work with our group to make sure, if we need cyber insurance, we put our heads together and evaluate those options. Finally, we educate the people on the front lines of the potential threats, whether it’s through email, through phone, or in person, to keep an eye out and be prepared to handle those potential threats.
Inabinet: I’d like to add something to what Joe was talking about. You know the old-school type of scams out there on the network looking for vulnerable servers and things that are open — that still happens, but a lot of medium and larger companies have the budgets to buy all of this nice technology whereas smaller companies are like, “Well, maybe we aren’t as much of a target,” or maybe they just don’t have the resources to spend the money to protect themselves. What we’re seeing is a lot of smaller organizations are being targeted as much as bigger businesses because the bad actors now are well aware there may be a third-party relationship [that can make the companies vulnerable]. Remember the Target breach was a little breach that became a huge breach, and an HVAC contractor [working for the retailer] was the source. This smaller target was breached and [the attacker then] got into Target, and we all know how that turned out. Also to add on to what Mike was talking about, all of the technology is great, but we’ve found in talking with other people with health care … we have found really the number one thing you can do is educating your people [to be wary of suspicious emails or attachments].
VB: With the emergence of electronic medical records, is that a new issue?
Inabinet: Absolutely. You know they say your medical record is worth so much more on the dark web compared to a credit card. A credit card [theft] is kind of one and done, but with your medical record, especially someone who has some status, that’s worth a lot of money. Protecting that patient data is really job one.
Lewis: One of the things that has changed a lot is that, in the old days, companies used to have all their assets in one location, and a single firewall could protect you. Now with mobile devices … you really have to focus on protecting every device and training people and monitoring … To David’s point, it really comes down to the end users — it’s more important to educate them to be suspicious first in whatever they do … Companies also deploy all these cameras … and they can be taken over and used to attack people. It’s a real problem. You’ve also got a lot of smart TVs in households. So, there’s a lot of activity happening in people’s home networks that are reaching out to the cloud, and most homes don’t really secure themselves. That’s a fear for us. What do you do when an employee goes home and they’re using their gadgets? Is what they’re doing on their own network putting us at risk in any way?
Manic: I would like to add something. With the expansion of [internet of things] devices, everything talks to everything. It brings a great deal of comfort and luxury to everybody to do things remotely, which sounds really nice. The problem is interdependencies on a small or larger level. I organized the first [National Workshop on Resilience Research for Critical Infrastructures] about a year and a half ago [and much of the discussion concerned interdependencies]. We have a very hard and difficult time figuring out interdependencies.
VB: John, could you talk specifically about the threat to our infrastructure and how vulnerable that is to cyberattacks?
Lewis: I think everything is vulnerable if it’s a targeted attack. The big fear is — to Dr. Manic’s perspective — the interconnectivity of everything. Attacks can come in many ways. … I think a big challenge we have as a country, as an industry, is establishing industry-driven standards that everyone adheres to and then sharing weaknesses or sharing events. A lot of companies are really not willing to publicly announce, “Oh, we’ve had something bad happen. Hey, everyone, pay attention.” That may be embarrassing for a variety of reasons. Everyone is looking for guidance. There are lots of ideas, but there isn’t any mandated organization either from a government or from an industry saying, “We have to step up our game, and everyone has to follow this standard.”
Manic: We are not thinking enough [about threats] until something forces us to. Why? Because it costs. End of story … There’s something called fault tolerance. It’s a fixed algorithm: If this happens, I’ll do this. The problem is the approach is reactive. You’re talking about something you know has happened, which has no value tomorrow, because tomorrow is going to be a new day. So here we come to resilience, which is the idea of intelligent response or getting up after you fell down. It cannot be treated with the same algorithm because it’s going to be a different fall. That brings another facet … in this game, which is some kind of machine-learning. Trying to figure out how proactively what can go wrong, and if something goes wrong, trying to stay one, two, three, five steps ahead of the bad guys. So machine learning, artificial intelligence, call it any which way you like, I’ve been teaching and preaching about it for the last 15 years.
VB: Do we have enough people to combat these attacks? Is anyone having issues with trying to get cybersecurity professionals?
DePlato: I would say people are definitely interested in it, but it takes a specific mindset. You have to have a very analytical mind, want to solve puzzles and want to do deep analysis. In practice, what I’ve come across are a lot of managed-service providers who think that they can do security, and their idea of security is throwing some firewalls in place, putting some security appliances in place, and it ends there. And I’ve come across people that are in the cybersecurity realm that just like being known as a cybersecurity analyst or a professional hacker. But they don’t have that next level of knowledge. They don’t understand the long view or how to take an organization from where they are right now and get them to a point where they are secure and can actually defend against an attack.
VB: Mike, what about you? Are you able to find what you need?
Hardin: Well, personally for us, we rely heavily on the brands that we work with, and it’s more their role to hire and bring in those professionals. So they handle that for us. But we have an internal team that works together with everyone in our groups to make sure we’re staying ahead of the game, staying ahead of what’s coming. It’s a constant reminder that we do have to stay on top and ahead of these things and see what’s coming, make sure we’ve gone back and double-checked everything again, double-checked the training. We always want to be aware.
Manic: Our senators and congressmen state we have 17,000 open positions in [cybersecurity] in our state. That’s second only to California, which has 19,000 open positions. There’s this huge need that some universities like VCU are trying to fill. There are a number of strong universities in the state. All together I doubt they can fill the void. VCU had been trying slowly to grow this angle of cybersecurity certificates for those with different backgrounds. That’s probably the key because, just looking at young generations going into cyber education, it’s not enough. We need to recertify, retrain people with different backgrounds to somehow start filling the void.
Inabinet: It definitely takes a special kind of person. You have to be a really good analyst and be curious and realize how things yesterday are not necessarily how they’ll be today. It’s a constant cat-and-mouse struggle with trying to secure these networks.
Lewis: From a talent perspective, we struggle finding the right talent. In a lot of cases, we’re always looking for people that have experience, and they are just hard to find. The good ones are already taken. You’re playing the compensation game. The really good ones will train up with you and then leave. That’s a challenge in itself. But even with the younger generation, the more tech is commoditized; there are fewer opportunities for people to really understand how technology works to get over the hump and start learning about protocols and learning how to beat systems. There are lots of people that have pretty résumés. You bring them in and talk to them, and they’re book smart. They’re not going home at night [to] read and dream about this and take things apart and ask why. It’s the people that are really willing to go above and beyond what they’re told to do and have initiative. That’s the hard thing to find.
VB: We’re going to talk a bit more about the insurance and the legal side of things. Alyson, how can small businesses protect themselves?
Newton: I think first organizations have to understand that it’s an enterprise-wide discussion. It’s not just a discussion that should be had at the IT level. It should be had at all levels of the organization, starting with the board, the executive officers and filtering down to the employees. Doing training exercises to understand, “I shouldn’t be opening this email.” So it can’t be siloed in the organization. Secondly, I think you really have to know your data. What do you have? Where is it housed? What are you using it for and who has access to it? Is it backed up? And then also one of the areas we talk a lot about with our clients are outside vendor contracts. Some companies say that because their payroll is outsourced, “That payroll provider is liable if something happens to my data.” No, you are, because it’s your information, and you are legally responsible for it. I think [it is highly important to go] through that whole discussion of what should the culture be at the organizational level and then developing a checklist of everything you should be going through and to be very aware.
VB: Collin, would you like to add something here?
Hite: The first thing for the smaller and medium businesses [is to realize], as the others have said, you are a target. This idea that the criminals only want the Targets or the Home Depots of the world is a complete fallacy. Because smaller breaches don’t show up in the media because they’re not affecting enough people, there’s a false sense of security that the smaller companies are off the radar. So then they do as little as possible … These businesses need to be proactive. I like to tell clients, “You’ve got to spend money to save a lot of money.” They’re pennywise and pound foolish. We’ve got to get them over that hurdle. This is a risk management viewpoint, not an IT viewpoint. You’ve got to manage the risk by being proactive. It’s so much less expensive in the end than responding to a breach. If you’re not prepared and responding to it on the fly on Memorial Day weekend, or on Saturday night at midnight when you find out [that you have had a breach], and you don’t know who to call, and you don’t have cyber insurance, now you’re up the proverbial creek. You’ve got to do something and get your head out of the sand.
Newton: Just to piggyback on Collin’s point, that’s the importance for them to purchase the insurance. Something’s happened, and now we have to navigate this very complicated field of forensics, of regulatory compliance, of legal review, of public relations, where do we even start? And for a small business that might not have that experience or — with all due respect — that sophistication, it is very difficult for them.
VB:[How can insurance help with ransomware?]
Hite: Well, three things. One is, I think, ransomware has now allowed the price point to become a commodity. You can go on the dark web and buy the code to become a ransomware extortionist overnight. So that becomes the first problem. The second is, my understanding is, 20 to 35 percent of the criminal take is being reinvested in R&D by the criminals. They’re constantly evolving and that’s where insurance can step in. A well-placed cyber insurance policy will pay ransomware if you’ve purchased that aspect of first-party coverage and if you have a really good carrier. They have the forensic knowledge or the panel that will bring people in to help them pay it, get it paid, help get the system restored and do all of that. In the end, cyber insurance is the ultimate backstop on a lot of these costs and problems … And smaller companies, they need it. The Target can withstand an attack. [The retailer booked $162 million in expenses in 2013 and 2014 related to the breach.] The HVAC vendor was gone in about four weeks … These vendors are somewhat the weak link in the process. I had a presentation in front of a local client here recently who convinced themselves, “Well, we don’t take credit cards, we don’t deal with the public, we’re just a distributor.” And we talked a little bit more with the head of IT and the general counsel, and it suddenly became clear they’re tied into Kroger and Whole Foods for ordering. Well, you now own 100,000 customers because you’re tied into the grocery store systems for ordering. So you’ve got to get your people educated about their risks.
I recently visited the College of William & Mary’s business school on the day it was celebrating the 50th anniversary of its MBA program. I had come to the Raymond A. Mason School of Business, however, to check out more recent developments, including an entrepreneurship center with big ambitions.
“Entrepreneurship” has been a buzzword in business schools for some time. Many students go to college with dreams of creating startups, perhaps becoming fabulously rich and famous like Bill Gates and Mark Zuckerberg. But William & Mary’s Alan B. Miller Entrepreneurship Center has a different purpose.
While conceding that startups are seen as “exciting and sexy” these days, the entrepreneurship center “is not only for business students. Any student can leverage these concepts” to succeed in a variety of fields, says Graham Henshaw, the center’s executive director since 2015.
In fact, Henshaw says, entrepreneurial thinking has thrived throughout the Williamsburg campus for some time. The entrepreneurship center was started in 2010 primarily to serve business students, but its focus has changed. In January, the center opened a co-working space in the business school and made it available to all W&M students.
At the center’s dedication, Henshaw noted that a survey of a variety of William & Mary undergraduates found that 92 percent had a strong interest in incorporating entrepreneurship into their programs of study.
William & Mary President Taylor Reveley sees a historical thread. “William & Mary has been heavily invested in entrepreneurial thinking for hundreds of years,” he said at the dedication. “Previous alumni designed a new form of government for our country and guided that new form of government through struggle to survive. It took bold action, innovative thinking and raw courage, all entrepreneurial virtues we still need today. Our opportunities are vast and so are our challenges.”
Thomas Jefferson, class of 1762, no doubt would have agreed.
So what is entrepreneurship thinking? Henshaw says it involves a skill set and a mindset. The skills include the ability to identify an opportunity, “fail wisely,” improvise and collaborate. The mindset includes grit, self-direction, openness to risk and tolerance for ambiguity.
Failing wisely and having grit are the key words here. Henshaw describes a process that requires repeated trials. You fail, refine your product and keep trying until you get it right.
A serial entrepreneur, Henshaw speaks from experience. He has created three startups. Two failed. The third one, Action Innovation Group, was a success. It created accessories for athletes, including PaceTat, a tattoo-like tool that long-distance runners use to keep track of their splits.
A Virginia Tech graduate with bachelor’s and master’s degrees in mechanical engineering, Henshaw began teaching as an adjunct at William & Mary in 2012. Before joining the faculty full time, he was director of venture development at New Richmond Ventures, a Richmond-based firm that invests in early-stage startups. W&M alum Jim Ukrop is co-founder and managing director of the firm. He previously was CEO and chairman of Ukrop’s Supermarkets and chairman of First Market Bank, now Union Bank & Trust, in Richmond.
The Miller Entrepreneurship Center is designed to be a place where people congregate. Tables in the room can be put together or separated so that students can work on projects. A white board for brainstorming covers one wall. A Skype teleconferencing setup lets people at different sites share ideas, while a “phone booth” is provided for students who want to work alone.
The center is used for workshops and talks by outside speakers, but most of the activity is experiential. Every Friday, for example, the center serves pizza from 2 to 5 p.m. while volunteer mentors from the business community are available to answer questions. Many students, however, get their best ideas by meeting other students with similar interests. “Connecting with each other is really valuable,” Henshaw says.
A recent business plan competition offers evidence of the center’s broadening reach. The winners weren’t business students but a group from the linguistics department who developed a plan for teaching English in a Caribbean country.
Another competition, Rocket Pitch Wednesday, occurs every week during the academic year. Students make 90-second presentations on any opportunity they have spotted. In addition to the student’s idea for a new product, each pitch describes the size of the opportunity and the competitive landscape. A panel of judges awards $100 to the best pitch each week while offering feedback on all presentations. Students who do not win are invited to revise their presentations and return as many times as they like.
For promising projects, the center has raised about $11,000 from students and alumni in a crowdfunding campaign to provide grants ranging from $250 to $750. Henshaw hopes eventually to establish an endowment for seed funding.
Creating a startup, however, is a long way from making an appearance at Rocket Pitch Wednesday. The feedback and the grants, however, can mean the difference between “thinking about an idea forever and doing something about it,” Henshaw says.
He assesses students’ projects in the same way he vetted startups at New Richmond Ventures: Who is your customer? What problem will your product solve for the customer? And how many customers have you talked to? If budding business owners can’t answer those questions, they are not ready for primetime.
So far the center’s membership includes students from 14 different majors. Who knows? One of them may be the next William & Mary alum to lead an American revolution.
The Roanoke-Blacksburg Regional Airport saw passenger volume rise 12.4 percent in May when compared to April.
The gain marked the eighth time in the past nine months that passenger traffic has increased.
May’s volume, however, was up only 0.33 percent in comparison to the same month last year. The airport said frequent thunderstorms prevented a larger traffic gain this year.
April’s passenger volume in fact was down 1 percent from the year before because of storms affecting flights to and from Atlanta.
“We are pleased to see this positive trend continue into 2017,” Timothy T. Bradshaw, executive director of the Roanoke Regional Airport Commission, said in a statement. “The demand of passengers utilizing the airport is a critical factor when speaking with airlines regarding increasing air service to our market.”
The Roanoke-Blacksburg Regional Airport moves more than 600,000 passengers annually on four airlines (American Airlines, Delta Airlines, United Airlines, and Allegiant Air).
The airport has nonstop service to six destinations (Atlanta, Charlotte, Chicago, New York LaGuardia, Philadelphia, and Washington Dulles) as well as weekly flights to Orlando Sanford International Airport and St. Pete-Clearwater International Airport.
Kevin Walker Holt has become president of the Roanoke Bar Association.
He had been president-elect.
Holt is a partner at the Roanoke-based firm Gentry Locke.
His practice focuses on commercial, employment, ERISA and intellectual property litigation.
He earned his bachelor’s degree and law degree from the University of Virginia.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Sign In
Free Newsletter
DePlato: In the past, you were seeing a lot of threat actors scanning the internet, [doing research using sources such as LinkedIn and Facebook], on their targets and then attempting to breach their targets. That’s changed rather quickly within the last year. People have become smart in securing their infrastructure. They know to put a firewall in place. They know to put multi-factor authentication, for example, in front of external-facing systems. Actors are doing phishing scams to get into these organizations, or the new term now is “whaling,” where they go after your CTO [chief technology officer] or CEO — your high-value targets at an organization. Once they break into those organizations, they’ll deploy a ransom on the network, locking these organizations down so they can’t function until the ransom has been paid.
Hardin: As far as the hospitality industry goes, we’ve worked very closely with the brands of the hotels that we work with and also our third-party management groups. As to what Joe touched on, we’re focusing on making sure we have the proper hardware in place and that it is current and up-to-date along with current antivirus loaded on these machines to thwart those attacks. And we work with our group to make sure, if we need cyber insurance, we put our heads together and evaluate those options. Finally, we educate the people on the front lines of the potential threats, whether it’s through email, through phone, or in person, to keep an eye out and be prepared to handle those potential threats.
Inabinet: I’d like to add something to what Joe was talking about. You know the old-school type of scams out there on the network looking for vulnerable servers and things that are open — that still happens, but a lot of medium and larger companies have the budgets to buy all of this nice technology whereas smaller companies are like, “Well, maybe we aren’t as much of a target,” or maybe they just don’t have the resources to spend the money to protect themselves. What we’re seeing is a lot of smaller organizations are being targeted as much as bigger businesses because the bad actors now are well aware there may be a third-party relationship [that can make the companies vulnerable]. Remember the Target breach was a little breach that became a huge breach, and an HVAC contractor [working for the retailer] was the source. This smaller target was breached and [the attacker then] got into Target, and we all know how that turned out. Also to add on to what Mike was talking about, all of the technology is great, but we’ve found in talking with other people with health care … we have found really the number one thing you can do is educating your people [to be wary of suspicious emails or attachments].
Lewis: One of the things that has changed a lot is that, in the old days, companies used to have all their assets in one location, and a single firewall could protect you. Now with mobile devices … you really have to focus on protecting every device and training people and monitoring … To David’s point, it really comes down to the end users — it’s more important to educate them to be suspicious first in whatever they do … Companies also deploy all these cameras … and they can be taken over and used to attack people. It’s a real problem. You’ve also got a lot of smart TVs in households. So, there’s a lot of activity happening in people’s home networks that are reaching out to the cloud, and most homes don’t really secure themselves. That’s a fear for us. What do you do when an employee goes home and they’re using their gadgets? Is what they’re doing on their own network putting us at risk in any way?
Manic: Our senators and congressmen state we have 17,000 open positions in [cybersecurity] in our state. That’s second only to California, which has 19,000 open positions. There’s this huge need that some universities like VCU are trying to fill. There are a number of strong universities in the state. All together I doubt they can fill the void. VCU had been trying slowly to grow this angle of cybersecurity certificates for those with different backgrounds. That’s probably the key because, just looking at young generations going into cyber education, it’s not enough. We need to recertify, retrain people with different backgrounds to somehow start filling the void.
Newton: I think first organizations have to understand that it’s an enterprise-wide discussion. It’s not just a discussion that should be had at the IT level. It should be had at all levels of the organization, starting with the board, the executive officers and filtering down to the employees. Doing training exercises to understand, “I shouldn’t be opening this email.” So it can’t be siloed in the organization. Secondly, I think you really have to know your data. What do you have? Where is it housed? What are you using it for and who has access to it? Is it backed up? And then also one of the areas we talk a lot about with our clients are outside vendor contracts. Some companies say that because their payroll is outsourced, “That payroll provider is liable if something happens to my data.” No, you are, because it’s your information, and you are legally responsible for it. I think [it is highly important to go] through that whole discussion of what should the culture be at the organizational level and then developing a checklist of everything you should be going through and to be very aware.
Hite: The first thing for the smaller and medium businesses [is to realize], as the others have said, you are a target. This idea that the criminals only want the Targets or the Home Depots of the world is a complete fallacy. Because smaller breaches don’t show up in the media because they’re not affecting enough people, there’s a false sense of security that the smaller companies are off the radar. So then they do as little as possible … These businesses need to be proactive. I like to tell clients, “You’ve got to spend money to save a lot of money.” They’re pennywise and pound foolish. We’ve got to get them over that hurdle. This is a risk management viewpoint, not an IT viewpoint. You’ve got to manage the risk by being proactive. It’s so much less expensive in the end than responding to a breach. If you’re not prepared and responding to it on the fly on Memorial Day weekend, or on Saturday night at midnight when you find out [that you have had a breach], and you don’t know who to call, and you don’t have cyber insurance, now you’re up the proverbial creek. You’ve got to do something and get your head out of the sand.