Please ensure Javascript is enabled for purposes of website accessibility

Md. government and businesses urged to prepare for cyberattacks

Christopher Van Hollen

‘All of our systems are vulnerable, whether they are in the private sector or the public sector or the nonprofit sector,’ Sen. Chris Van Hollen, shown at an earlier appearance, told Maryland technology leaders. (AP Photo/J. Scott Applewhite)

Maryland leaders hailed the state as a “cyber capital” of the world Wednesday at the Cyber Maryland 2017 conference while acknowledging that the state has to do more to capitalize on the companies and agencies that represent the burgeoning industry.

Last week, Gov. Larry Hogan signed an executive order directing the Governor’s Office of Homeland Security to coordinate, improve and implement the state’s cybersecurity plans, taking advantage of Maryland’s cybersecurity industry.

“Our administration has been working tirelessly to build an unrivaled ecosystem in Maryland, to serve and to grow our state’s critical cybersecurity industry and to protect and maintain our nation’s information infrastructure,” Hogan said at the conference.

The governor’s remarks came as the state and the nation have seen multiple and significant attacks on both private and public entities.

Last month, credit agency Equifax revealed that it had been hacked, putting the information of up to 145 million Americans at risk. Equifax joined Target, Sony and HBO among the major corporations targeted by cyberattacks.

At the same time, hackers linked to Russia also targeted election mechanisms across several states during the 2016 election, including Maryland’s. The attack on Maryland’s State Board of Elections was unsuccessful.

The range of targets suggests that any organization could be subjected to a cyberattack, a possibility U.S. Sen. Chris Van Hollen warned about at the conference.

“All of our systems are vulnerable, whether they are in the private sector or the public sector or the nonprofit sector,” Van Hollen said. “Nobody is immune.”

The possible entry points for attacks can seem endless as technology advances. While the “internet of things” offer new and innovative devices for people to interact with technology, cybersecurity experts fear they also provide an easy gateway for attackers to enter a system.

Another concern is the cloud, where millions of people store data, possibly without knowing where it is actually being kept.

Maryland’s cybersecurity industry can be on the leading edge of keeping up with all of the ways a cyberattack can occur, Hogan said.

“Every single day our world-class academic community is conducting critical research, exploring the newest technologies, and most importantly, we’re educating the next generation of cyber warriors,” the governor said.

Businesses need to prepare too

But what works for the state and even for large corporations may not work for the state’s thousands of small businesses.

These entities often do not have an information technology department, or even a single person who can keep up with the ever-changing ways technology can be vulnerable to attacks.

Instead, the onus is on small business owners and their employees to practice good cyber hygiene, said Christine Ross, president and CEO of the Maryland Chamber of Commerce.

“Everybody should consider it as a mandatory threat to their business and they should have protocols in place to prevent it,” she said in an interview with The Daily Record.

Last month, the chamber held a panel for business owners to become educated on the risks of cyberattacks and how to prevent them. Suggestions included keeping strong passwords, updating computer software consistently and keeping track of corporate accounts.

Companies should also keep up on what is happening and not think that cyberattacks are just the problem of large corporations like Target or Equifax.

“They have to deal with it as a significant business issue,” Ross said. “The reality is that they are vulnerable and that attacks could happen at that very granular level at any time.”

In addition to keeping defenses against a cyberattack, businesses also have to have a plan for what should happen in the event an attack occurs. That plan should be similar to a natural disaster response plan, Ross said.

It should be included in a manual, and every employee should know what to do if something happens.

“Everybody should consider it as a mandatory threat to their business, and they should have protocols in place to prevent it,” she said.


To purchase a reprint of this article, contact reprints@thedailyrecord.com.