BRUNSWICK, Maine — Cyberattacks, often perceived to be limited to identity theft and financial crimes, are expanding to include intelligence gathering by international terrorist organizations potentially targeted at small and medium-sized businesses in Maine.
As the threat becomes more grave and cybercriminals more sophisticated, measures businesses can take to protect themselves and their customers are becoming more complex, expensive and time-consuming. That was the message Tuesday during a statewide forum organized by Sen. Angus King, the U.S. Department of Homeland Security and the Maine State Chamber of Commerce.
“There really is no breach or intrusion that is too small to report,” said Craig Wolff, an assistant U.S. attorney in Portland who specializes in cybersecurity cases. “What may seem to be a minor breach from an individual company’s standpoint may be part of a much larger attack. [Cybercrime] is no different from someone breaking into your house and stealing items, except in this case what is being stolen is valuable ones and zeroes.”
Micheal Leking, a cybersecurity adviser in the Northeast for the U.S. Department of Homeland Security, said many small business owners don’t know where to start protecting themselves — or even whether they should be concerned about an attack.
“It’s very important to understand the nature of the data you have,” said Leking. “I wish I could envision what business is going to be attacked next, but the reality is that everyone is at risk.”
Leking and Wolff agreed that the most effective defense against cyberattacks is workplace training and the creation of robust firewalls, as opposed to trying to react to and recover from an attack after it happens. Leking said an organization that has been the victim of a cyberattack doesn’t learn of the breach until an average of 200 days later.
“Reducing the time it takes from identification to containment is critical,” he said.
Leking urged businesses to reach out to the Department of Homeland Security — specifically by visiting us-cert.gov/ccubedvp — where there are downloadable resources to help businesses increase their cybersecurity and run tests to see how vulnerable they are.
Tuesday’s briefing, hosted by Oxford Networks in Brunswick, was simulcast in Farmington, Machias and Presque Isle. It was organized by King, who could not attend in person.
“We’re probably the most vulnerable people in the world because we’re the most wired people in the world,” King said in a recorded message. “Protection has to begin at your server, at your computer and at your desktop.”
Some of the attendees in Brunswick said maintaining cybersecurity at their businesses is a battle that never ends and is constantly changing.
John Nelson, chief financial officer for Wright-Pierce, an engineering firm with offices in Topsham and Portland, among other places, said one of the biggest challenges is training employees to be careful of emails and websites that could harbor malicious software and ensuring that everyone has secure passwords that are changed frequently. Nelson said he intends to use the Department of Homeland Security’s online resources to bolster his company’s defenses.
Chris Carroll, a network administrator for Belfast-based Viking Lumber, said securing personal information of employees and customers is an everyday effort that could be daunting to the uninitiated.
“Don’t try it alone,” he said. “It’s not that a local ice cream shop has to bring in the Secret Services. Just start by getting a local IT professional who is familiar with this stuff.”