Security expert: Sharing is caring in fending off cyber attacks

March 12, 2015

ETHAN FORMAN

DANVERS — Headlines projected on a screen in a hotel ballroom Thursday said it all when it comes to how vulnerable businesses are to getting hacked.

“Data breach at Anthem may forecast a trend,” read one headline from The New York Times. 

“Lawmakers demand cyber security after Sony hack,” read another from U.S. News and World Report.

An expert in cyber security said these are just the tip of the iceberg when it comes to cyber attacks, which companies are often reluctant to discuss. The irony, he said, is that the more sharing there is of information about attacks on government, industry and university computer systems, the better prepared everyone will be to fend them off.

Mick Costa, who works in cyber security for the Federal Reserve Bank of Boston, also works with a nonprofit consortium called the Advanced Cyber Security Center of Massachusetts, an outfit that educates businesses and organizations about cyber attacks.

Costa spoke to North Shore business leaders Thursday at the North Shore Chamber of Commerce’s business expo, which featured 100 exhibitors at the DoubleTree by Hilton Boston North Shore.

Cyber attacks soaring

Cyber attacks are on the rise, Costa told the audience.

In 2013, there was a 90-percent increase in targeted cyber attacks, he said, and seven in 10 adults have been victims of cyber crime.

The threats come from ideological groups trying to make a statement, from organized crime, and from various parties trying to access military secrets or a corporation’s intellectual property.

Hackers can sit on a network for years before their presence comes to light. Another problem, Costa said, is that companies and organizations are reluctant to share information after being hacked, for fear it could harm them. 

The global impact of cyber crime rings up at $3 trillion. Companies hit with a data breach can suffer damage to their reputation, lost productivity and revenue, and costs for forensics, technical support and regulatory compliance.

Costa has been working in information technology security since the mid-1980s, before there was a World Wide Web. For the past year and a half, he has worked as the assistant vice president for network security services for the Federal Reserve Bank of Boston, working to protect the entire Fed’s networks, which handle in excess of $4 trillion in transactions a day.

It’s a daunting task when you consider that what the chairman of the Federal Reserve Board board says could move markets; and if her comments were leaked, it could wreak havoc on financial markets.

Money’s not the answer

Costa said the Federal Reserve spends a lot on cyber security, but “our problems are no different than anyone else when it comes to problems of cyber security.” 

Companies spend a lot of money trying to figure out where the holes are in their systems, but that approach has not proven effective, he said.

“We keep spending more and more money, and the number of breaches keep going up,” Costa said.

The government in the past has been reluctant to share information on cyber attacks due to security concerns. But Costa said sharing information on cyber threats may be the key to heading them off.

That’s what the Advanced Cyber Security Center is all about. Costa co-chairs the biweekly meetings that bring together industry, government and academia to work on the latest threats.

Costa said the White House is also proposing legislation that would allow a company to share information on threats with the government, while protecting the company’s privacy. It also seeks to create a national standard for companies about when to notify employees and customers about security breaches.

Costa also had some tips for business leaders. He suggested they use a stand-alone computer for financial activities, leverage security services offered by online cloud service providers, and use different log-on IDs and strong passwords for each account, and change them periodically.

READ MORE