91.1 F
San Fernando
Tuesday, Nov 19, 2024

Fending Off Hacker Attacks

 On a recent morning, George Baldonado was monitoring online activity for a client – a government contractor in the Los Angeles area – at his Camarillo business, Oasis Technology, which provides IT consulting and security software.That client had 120 cyber terrorist attacks, Baldonado said, and another 3,800 attempts to get into its network from outside the U.S.

All this occurred before 10:30 a.m.

“There was one attack trying to break into the firewall and there had been 245 attacks into their Office 365 to try to get into their email,” he explained.

That goes to show just how serious hackers are to get into the computer networks of companies big and small. Professionals in the cybersecurity industry in the greater San Fernando Valley region all have similar stories of attacks that have happened to clients.

Take, for example, what happened to Yuri Aberfeld.

The chief executive of ITSupportLA.com, a Tarzana tech support company, knows personally the feeling when a hacker finds a cybersecurity breach.

Aberfeld said that in 2019, hackers created a website very similar to his, except that it was ITSuportLA.com, with just one “p.” The fake site began to contact vendors in the information technology industry and place orders that were then put through by those companies, Aberfeld said.

“Then they would call us for payment, and we would have to explain that it wasn’t us and they had got scammed,” he added.

Everything about the fake website mirrored the actual website of Aberfeld’s company except for a change in the phone number.

“I even called one time and said, ‘Who is this?’ and the person said, ‘This is Yuri.’ I said, ‘No, this is Yuri,’ and the person hung up,” Aberfeld said.

 “The audacity is just crazy to me.” But hackers steal, from Aberfeld and Baldonado’s clients alike, because it pays.

According to Cybersecurity Ventures, a research and publishing firm in Northport N.Y., cybercrimes will inflict a total of $6 trillion in damages globally in 2021 and increase to $10.5 trillion by 2025. That figure was only $3 trillion in 2015.

“This represents the greatest transfer pf economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined,” wrote Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief of Cybercrime magazine, in a story published in November edition of the publication.

Biggest threatsAsk a cybersecurity professional what the biggest threats are and the answers will be various.

Aberfeld said it was ransomware, a program that threatens to publish a user’s personal data on the internet or else block access to it unless as ransom is paid. He also named phishing campaigns. In these attacks, an email is sent out in hopes that a recipient will click on it and download the ransomware software.

“It is like casting a net in the ocean. Whatever you catch, you catch,” Aberfeld said.

A variation of that attack is spear phishing – or an attempt that is focused on a specific user because he or she had clicked on a phishing email in the past or his or her login and password information was exposed on the dark web, he added.

“They find out who are the key employees of a company and pretend to be those employees,” Aberfeld said.

Baldonado thinks the biggest threats come from just the explosion of technology.

Companies are not concerned with security and just focus on getting a new product out to market and gaining market share, he said.

“People aren’t concerned when they release their product about the actual security part,” Baldonado added.

Matthew Hodson, chief information officer at Valeo Networks, the Florida-based IT division of Saalex Corp.

in Camarillo, said that the biggest threat to a company’s computer network comes from its employees.

“You can throw as much money as you want at your infrastructure, your software packages, your configuration, your firewalls, (but) at the end of the day as long as you have humans involved there is a risk for breaches and ransomware,” Hodson said.

Valeo is a managed security service provider serving municipal, state and county governments, small-to-medium sized businesses, and nonprofits. It has offices nationwide, including in Camarillo.

Other threats mentioned by Hodson are from companies not being ready to have employees working from home due to the coronavirus pandemic. These firms leave themselves open to cyber-attacks because they have employees using computers and networks that are home-based and not well protected.

“We have seen with companies where that is where a hack presents itself – from the home piece of the network and spreads to the business,” Hodson said.

Vulnerable sectorsJust as cybersecurity professionals give a variety of responses when asked to identify the biggest threats, so will they give a variety of answers when asked what types of business are most vulnerable.Paul Witman, director of graduate information technology programs at California Lutheran University in Thousand Oaks, said the businesses most at risk are those with light capability for managing attacks. That would include smaller companies and companies that don’t spend a lot of energy on cybersecurity-related functions.

“They don’t train their staff enough and don’t have updated virus protection on their computers,” Witman said. “All of those are risk factors that would make it more likely that an organization would be victimized.” Baldonado at Oasis Technology said that the biggest risk is where the money is at. That includes government computers and the financial and medical sectors.

“People want to get money out of the banks,” Baldonado said. “Their primary attack vector is through regular retail customers to get into their bank accounts and steal their money.” Attacks on government computers will come from outside the country. China and Russia are the main culprits there, he added.

And when it comes to medical records, hackers go after those because they translate into money as well because getting the information from those files helps in perpetuating Medicare fraud and Social Security fraud, he said.Hodson said that anybody is vulnerable and that hackers do not pick one particular company or industry over another.

“The ones with the biggest vulnerabilities will get hit,” he added. “We have seen that with state, county and city municipalities because they do not have the budgets or do not see themselves as vulnerable.” Cost of protectionIf there is a commonality in the cybersecurity industry, it is in the business model that the firms follow. All charge customers a monthly fee – although the amount can differ from provider to provider.

At Oasis Technology, Baldonado’s services can cost as low as $400 or high as $7,000 a month depending on the level of monitoring and security.

 Aberfeld charges between $50 and $85 per user, depending, like Baldonado, on the technology used at the client company.

Hodson, of Valeo Networks, said the cost depends on the size of the business, the industry they are in, the number of computers and any additional services the company provides, he said.  “We have clients with 10 employees who pay $1,000 a month and others with 10 locations in the U.S. and Mexico who will pay $25,000,” Hodson said.

All the companies are growing and hiring, although finding qualified employees can be tough.

Baldonado said that cybersecurity is not an 8 to 5 job. Monitoring goes on all the time and needs people who are committed to it.

“There are so many ins and outs to cybersecurity that a lot of people either don’t have the experience or don’t want to go to that level of support,” he added.

Valeo’s goal is to go nationwide and add to its offices in Florida, California, Arizona and Oregon. To reach that goal, the division acquired late last year Etech Solutions, a managed service provider in Des Moines, Iowa.

Key to attracting and retaining employees with the skillsets needed for cybersecurity is having a company culture that keeps the workers happy, engaged and doing something they like, Hodson said.

“We want to make sure that we help them grow into that role in the company,” he added. “That will reflect to the customer base. They will have a good customer experience and that will help the company grow overall.” Educational programs like those at Cal Lutheran are the training ground for these employees that Valeo and Oasis look to hire.

Cal Lutheran bestows a master’s degrees in information technology with a focus on cybersecurity and a separate cybersecurity certificate.“We have a variety of classes that we offer students to be successful as cybersecurity professionals,” Witman said. “We don’t train specifically for the industry certification, but the courses all lead in that direction.”

Mark Madler
Mark Madler
Mark R. Madler covers aviation & aerospace, manufacturing, technology, automotive & transportation, media & entertainment and the Antelope Valley. He joined the company in February 2006. Madler previously worked as a reporter for the Burbank Leader. Before that, he was a reporter for the City News Bureau of Chicago and several daily newspapers in the suburban Chicago area. He has a bachelor’s of science degree in journalism from the University of Illinois, Urbana-Champaign.

Featured Articles

Related Articles