May 23, 2024

🎙 Hays cyber expert discusses security in light of attacks

Posted May 23, 2024 10:01 AM

By CRISTINA JANNEY
Hays Post

Multiple cyberattacks have hit Kansas in recent weeks. 

The City of Wichita and Via Christi Hospital in Wichita were affected, and Trego County Lemke Memorial Hospital announced Tuesday it was the subject of a ransomware attack.

Dallas Haselhorst, owner of TreeTop Security in Hays, discussed cyber threats and prevention on Thursday on Eagle Radio's Morning Blend show.

Haselhorst said everyone is vulnerable to cyberattacks.

"It's definitely one of those things that now that technology has become so ubiquitous to everything we do that if you are connected to the internet, in any way, shape, or form, there's a good chance that you could be attacked in some way, shape or form," Haselhorst said.

Haselhorst said hackers are not just after big companies and government agencies.

"We have done [incident responses] for billion dollar companies that are multinational. The smallest response we did was a local business here that had a total of four computers," he said. "It can absolutely affect anyone."

Haselhorst said prevention is the best action.

"I always tell people if you want to be secure, you should have started six months ago," he said, "because it's not an overnight thing even in small environments and businesses we work with. It can take a few months to get them more secure — there's no such thing as 100 percent."

He suggested working with a company that can offer comprehensive services and is not just a reseller of hardware, firewalls and software.

He said to look for frameworks and best practices developed by the National Institute of Standards in Technology or the Center for Internet Security.

"You have a burglar that could go through a 20-foot brick wall, or they could go to the house that has an unlocked door. Which one are they going to do?" Haselhorst said. "They are going to do the unlocked door every single time, regardless of what's inside."

"You need to get your doors all locked and do some basic security measures so the attacker bangs on the door enough and decides it's not worth it and goes to the next one that's a lot easier," he said.

Some basics of securing medical data or energy systems are the same for small companies with sales data.

Although security measures can be expensive, much of what TreeTop does also brings businesses into compliance with regulations.

If a business that accepts credit cards or digital payments is breached, it is liable for any data that might be compromised, Haselhorst said.

"You are basically out of business because you will fined out of business," he said.

Sometimes, cyber security comes down to people.

"If I'm an attacker, why would I go through all of these hoops if I could simply call up Cristina and act like I'm the IT help desk?" Haslehorst said. "'Hey, Cristina, it looks like you got locked out of your account. I can help with that. What's your old password?'"

Unfortunately, Haselhorst said often those tactics work.

"Your people can be the weakest link," he said. "Your people can also be the strongest link."

TreeTop offers free cybersecurity training.

If a hacker makes it past all of the technical barriers, but an employee is adequately trained to recognize phishing attempts, they can stop the hacker, Haselhorst said.

Haselhorst described a phishing attack in which a hacker posed as someone high in a company. A hacker sent 73 emails within 30 minutes, but several employees alerted cybersecurity of the emails. 

Those emails were blocked and labeled as missed attacks, which helped train the AI security program, and the emails were removed from users' accounts.

As a user or consumer, there's not much you can do if an entity you do business with has been attacked, Haslehorst said.

However, if you are a business, he recommends cutting digital ties with the affected business or entity. He said he helped some companies do this when the Kansas court system was a cyberattack victim.

Businesses can also limit access to networks and data without completely cutting ties.

If an affected business or entity offers you free ID protection or credit monitoring, Haselhorst said it can help in some regards, but your information is already out there.

He did not suggest buying ID theft protection/credit monitoring.

"It's a running joke among cybersecurity professions, don't buy credit monitoring because your next free year is right around the corner because there's going to be another breech from someone," he said.

"Unfortunately, that's the world we live in that your data is all over the place. Once that cat's out of the bag, it's really hard to put it back in," Haselhorst said.

He suggested watching credit reports and card transactions and signing up for transaction alerts.

He also recommends having regular discussions with your spouse or anyone else on your bank or credit card about charges so you can better track transactions and spot fraud.