Recent Peoria-area cybersecurity headlines highlight the importance of being prepared
Tazewell County government and an OSF Healthcare vendor are two recent examples of cybersecurity incidents making headlines in the Peoria area.
CEO Anthony Mini of Peoria Heights-based technology company Pearl Technology said these types of attacks often go unreported.
“A lot of organizations just are not prepared,” Mini said, “So when they do experience the attack it is chaotic and stressful, and in the long term can be devastating to their company.”
Mini said there are two kinds of cyber attacks; ransomware involves the attacker shutting down operations of an organization and demanding money to turn it back on, and other attacks are made using social engineering scams.
He also said there are ways to prevent a cyber attack from happening, starting with measures such as multi-factor authentication.
“From a preventative standpoint, that's phase one. But then phase two is being prepared for when that attack does happen, not so much if but when it happens, having a strong incident response plan, understanding your cyber insurance, and how to process a claim and what you are qualified for,” Mini said.
There's still technical troubles following what's being called a "cyber incident" at many of Tazewell County government offices. That's limiting public access to the affected departments.
Welltok Inc. is a vendor OSF HealthCare used. The company experienced adata breach that may have divulged patient first and last names, dates of birth, home addresses, the last 4 digits of Social Security numbers, and more. People worried about their data being affected can call Welltok's service line 1-800-628-2141 to check if they are affected.
Mini said developments in artificial intelligence are making scam emails more difficult to flag as dangerous.
“There's a lot of automation and tools out there that are helping threat actors be more successful. For example, 10 years ago you used to get an email, when it was riddled with red flags, like you could immediately tell that the email was not legit,” He said, “However, with some of these artificial intelligence tools, the emails are coming through and they're looking pretty spot on. It does take some training to see the red flags inside of them.”
Mini said cybersecurity training should take place all year round to prevent any kind of attack.
“A lot of companies do phishing tests every month just to test their employees and make sure that they are catching the test, right? Because you'd rather find out something's wrong in a scrimmage than in the real game,” he said.