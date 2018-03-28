ANNAPOLIS, Md., March 28, 2018 /PRNewswire/ -- On Tuesday, March 13, a group of local cybersecurity experts and business leaders came together to discuss the state of cybersecurity as it relates to small businesses in Maryland. The discussion, facilitated by Winquest Cybersecurity Services President & CEO John Leitch, covered an array of cyber topics and trends. Conversation was centered around the growing threat of ransomware and phishing attacks as well as strategies for mitigating the vulnerability that small businesses face towards those threats.

Leitch led the conversation by highlighting Winquest's efforts to utilize military-grade services, products and expertise as a front line defense against the modern cybersecurity threat. The evening included an exclusive prescreening of Winquest's interview on Worldwide Business with kathy ireland®, in which Leitch discussed the looming danger of cyber threats such as ransomware, and how they can affect small businesses. The screening was then followed by a discussion amongst attendees regarding strategy for solving the modern cyber issue.

The evening's guests included Cybersecurity Association of Maryland, Inc. (CAMI) Executive Director Stacey Smith; Maryland Department of Commerce Director of Cybersecurity, Ken McCreedy; Startup Maryland Founder Mike Binko; and many more. The conversation began with attendees offering ideas for what they felt were the top cyber threats, specifically facing small to midsized businesses.

A popular candidate for top threat was phishing attacks. Phishing is defined as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information. Scammers will often send emails requesting valuable information from an organization's employees (such as credit card numbers, social security numbers, etc.) by posing as an internal member of the organization.

"Verizon reported in their 2017 Data Breach Incident Report (DBIR) that 80% of all phishing attacks were successful," Leitch said. "It's going to happen; we're trusting people. It's the risk we have to take."

A risk, indeed. Further examination into Verizon's DBIR shows that 95% of phishing attacks that led to a breach were followed by an installation of malware, a software that aims to disable or damage computer systems. Baited emails serve to get the attacker in your door, while the subsequent malware installation is what gets them the information they are ultimately after.

Perhaps the most frightening trend, however, may not the attacks themselves, but the vehicles by which they are allowed to enter a company—its employees. According to a study conducted by Intel, 97% of people are unable to identify a phishing email.

So we know that there is a real risk here, and it exists both outside of and within the organization. But what is being done to counter that risk? Guests were encouraged to share proven solutions, as well as any conceptual strategies that may not yet have been put into practice.

A good start, it seems, is on the internal front. Several guests advocated for a bi-annual cyber training program, while others advocated for implementing new hire training around cybersecurity threats such as phishing and malware.

Mike Binko of Startup Maryland offered a bigger-picture solution, suggesting that the screening process for new employees should be more thorough for those handling sensitive information. By identifying what type of information a candidate will be hiring on a day-to-day basis, an employer will know better what to look for in a candidate and how to communicate expectations to that candidate.

"That's a key point— workforce expectation management. Even to the point of job descriptions before you're courting your candidates," Binko said. "If you're going to be touching sensitive client data, financial data or intellectual property, that needs to be stated up-front."

Leitch then outlined Winquest's attempts at approaching the cyber threat by unveiling Winquest's CyberWare package. Winquest CyberWare aims to white label the organization's cybersecurity services and expertise for managed service providers, who often claim cyber coverage for their clients, while often carrying low standards for employee training and incident response when it comes to cybersecurity. Winquest's CyberWare package seamlessly integrates into the MSPs pre-existing strategy, allowing them to offer true military grade protection to their clients.

This approach was legitimized by Ken McCreedy, who shared with the group a personal story regarding MSP's and cybersecurity.

"A gun range in Prince George's county got hit at their point of sales system, and reached out to a friend of a friend who previously worked for the NSA to diagnose the issue," McCreedy said. "When he got down there, the owner showed him the router and was asking how they got through the security system. He was surprised to discover that the point of sales system had no security- he assumed that all the red and blue wires put in place by his MSP meant that there were preventative measures. In reality, the router was wide-open."

As many guests pointed out, trusting in a managed service provider for your organization's cybersecurity needs has, unfortunately, proven to be a risk that most businesses aren't even aware that they are taking. Much like the PG County gun range owner, many business owners are told by their MSP that they are covered, when they may, in fact, be just as susceptible to cyber attacks as someone with no protection at all.

"The risk is very, very alarming," Leitch said. "If you're not prepared, you're betting your business."

