By BECKY KISER
Hays Post
"Bad guys only have to be lucky once. You have to be good all the time."
That's the reality of cybersecurity for any business in today's interconnected world.
Being good means being educated about cybersecurity in your business, knowing how to protect your vital information, planning for the worst, and having a recovery plan, said George Schultzel, special agent with the FBI's cyber crime task force in the Kansas City field office.
Schultzel was a keynote speaker at Wednesday's cybersecurity conference presented by the Fort Hays State University Small Business Development Center and the FHSU Cybersecurity Institute and Technology Incubator.
Schultzel and a panel of local experts stressed the importance of education about cybersecurity across an entire company.
Cyber attack objectives fall into three categories — financial gain, intelligence collection and organization impact. In the FBI's experience, the bad actors are working via hacking, crime, insiders, espionage, terrorists or warfare.
Nation-state actors target all facets of U.S. life and property for a variety of different reasons, including in Kansas.
"We have a current case where a Kansas medical center got hit by ransomware a couple years back.
"We started following our leads. We watched our bad guys launder money back to an account back in Hong Kong. ... As we went through our investigation, turns out it was the North Koreans. And the North Koreans were utilizing that money that they stole from us to fund their nuclear program of weapons of mass destruction.
"So, why pay for it [themselves] when they could ransom U.S. citizens for that technology, for that money," he said.
The FBI was able to seize some of the ransom money back for the victims and continues with the investigation today.
Schultzel encouraged the conference participants, employees and owners of local businesses as well as some in southwest Kansas, to be aware of cybersecurity threats and be willing to act before they're carried out.
And that's fairly easy for small businesses to do, said Olga Detrixhe, sales supervisor at Next-Tech, Hays, who was part of the power panel discussion.
"Small businesses are nimble and flexible," she said. "Another huge advantage that small businesses have over a large organization is their ability to pivot and change quickly. Small businesses can make vast improvements quickly in comparison to their larger counterparts."
Schultzel stressed that business executives should support and fund cybersecurity protection measures.
There are more than 100 active FBI investigations on ransomware variants. Cyber threats are now a priority in the FBI, he said.
"These nation-state actors aren't after you, they're after what you have access to," Schultzel said.
Recommended tips from the group included the use of long passwords of at least 15 characters, multi-factor authentication, software and antivirus updates, secure wi-fi connections and encryption of important data.
You should also keep work thumb drives safe and not easily accessible and destroy external hard drives that are no longer serviceable.
The security measures used at work should also be used with your personal information, said Mark Griffin, FHSU assistant vice president for technology services.
"We here are all prepared for a tornado to hit us," said Dallas Haselhorst, TreeTop Security, Hays. "But a cyber attack is much more likely to happen to our businesses and most of them are completely unprepared."
Haselhorst has a series of free cyber security events upcoming in the community. They are as follows:
Oct. 11 at noon at STEM Harvest in Hays "Cybersecurity Awareness"
Oct. 16 at 6 p.m. at Hays Public Library "Cybersecurity Awareness"
Oct. 20 at noon at STEM Harvest in Hays "Scams, Lies and Bad Guys"
Oct. 24 at noon STEM Harvest in Hays "Cybersecurity Awareness"