Cybersecurity - Now More Than Ever

Social distancing…work-from-home…Zoom. This is the new workplace vernacular since March 2020 when the COVID-19 pandemic took root and grew at an alarming speed. But another term has become increasingly central to the conversation as the digital workplace becomes more the norm than the exception - a norm that many businesses have been forced to accept at a level neither predicted nor planned for: cybersecurity.

Securing data and instituting procedures to minimize opportunities for “bad actors” to steal or compromise that data have already become part of a business’s operating procedures throughout many industry sectors. This includes sectors that may not have been considered highly 'technologically sophisticated' over the course of history - such as construction, logistics, agriculture, and manufacturing. Bluntly, any business that uses a computer to store records and communicate internally and/or externally should understand the importance of instituting controls to address cybersecurity challenges.

Greater Baltimore’s business community benefits immensely from the fact that the Region is at the forefront of developing the tools and systems necessary to secure data, and it has the talent available with the required skills businesses need. Moreover, the Region is the home of assets that are on the frontlines of protecting and defending the country’s cyber space, including the U.S. Cyber Command at Fort George G. Meade, NSA, and C5ISR and the Army Research Lab at Aberdeen Proving Grounds. Information on the full scope of Greater Baltimore’s Cybersecurity Industry can be found on EAGB’s Cybersecurity Industry Profile.

While awareness of the importance of securing data has been growing, cybersecurity risk has increased exponentially due to COVID-19 as businesses were required to implement mandated work-from-home practices virtually overnight. A business’s workforce is now teleworking from remote locations, often using personal computers on a home network, or shared by students now being taught exclusively online. All are using remote access to interface with the institution or company’s internal network. The increased use of popular virtual communication platforms such as Zoom and Microsoft Teams introduces yet another point of vulnerability and exposure to those seeking access to private networks and data.

As noted in the Alert, the vulnerability introduced due to teleworking is often caused by the use of Virtual Private Networks (VPN). This is particularly true in small to mid-size companies who do not have the resources and/or have not seen the need to fortify the security of their VPNs through more sophisticated authentication methods and addressing the security, or lack thereof, with home networks. The circumstances forced upon businesses from COVID-19 has exposed the weaknesses of cybersecurity practices and brought into focus the importance for organizations to have effective cybersecurity systems in place that can adapt quickly to changing and often unforeseen situations.

If there is a silver lining to this scenario, it is that Greater Baltimore has a plethora of resources available to organizations faced with addressing a data security breach, or averting one. Gregg Smith, CEO of Attila Security and Chair of the Cybersecurity Association of Maryland (CAMI), is seeing more and more small and mid-sized businesses encountering these issues due to their need to send employees home to work remotely:

“Small and medium sized businesses are particularly vulnerable to cyber attacks. Many don’t have internal IT teams and lack solutions to provide secure remote network access for their employees. They need a solution that is affordable, can be deployed quickly and set up by the employees themselves, and will work with any device, including home computers, smart phones and tablets that may not be updated with the latest software. This is exactly the type of problem that Attila’s technology was built to solve,” states Smith. (For more information about Attila Security, see the Industry Spotlight section of this newsletter).

Cyber “bad actors” attack without warning, and, without adequate security in place, can compromise a business’s entire enterprise system. Even before the COVID-19 crises shined a spotlight on the need to secure these Systems, CAMI understood the urgency for any business experiencing a breach to act quickly. CAMI created a Cyber SWAT Team that immediately sets to work with a company to mitigate the threat and assist in working to secure their network against future attacks. The Cyber SWAT Team can be accessed through CAMI’s website: www.mdcyber.com.

Gregg Smith, serving in his role as Chair of CAMI, notes, "We’re very fortunate to have such a strong community of cybersecurity companies here in Maryland. CAMI’s Cyber SWAT Team provides a quick and easy way for Maryland businesses to access the world-class cybersecurity expertise that exists right here in our own backyard.”

There is simply no 'good' time for a data breach, making now the best time for businesses to implement or update their cybersecurity. While the COVID-19 pandemic will eventually subside and become less of a threat once a vaccine is widely available, the threat of cyber attacks will only increase as the business world becomes more and more digitalized. Organizations must take this opportunity to re-visit or create business continuity and incident response plans that address and can adapt to the changing world of how business - any business - is conducted in an increasingly technology-driven and reliant world.