Businesses and individuals 'in a fight every single day' against cyber attacks, experts say

FARGO — Experts and professionals from a broad range of industries gathered Tuesday morning, Aug. 2, at the Delta by Marriott in Fargo for the Midwest Cybersecurity and Technology Summit.

The No. 1 takeaway from the event, which was put on by the Fargo Moorhead West Fargo Chamber of Commerce , was that nearly every business in the modern world is at risk of a cyber attack. That point was driven home by several speakers and panelists who offered their perspective on cybersecurity and how it pertained to fields like agriculture, energy, health care and the military.

While the morning’s discussion took on a foreboding tone with regard to the dangers of cyberattacks, the speakers and panelists also offered guidance for businesses seeking to secure their enterprises.

Jerry Wynne, vice president of security and chief information security officer for Blue Cross Blue Shield of North Dakota, opened the summit.

Wynne called upon attendees to establish and foster a “culture of cybersecurity” at their firms. In the same way a business would rely on its CFO to approve major purchases, Wynne said that businesses should rely on a trusted cybersecurity expert at the corporate level to give the green light to technical changes.

It’s not a matter of if a cyber attack will happen, it’s when, Wynne added. It’s why businesses ought to invest in the tools, people and attitude to increase their preparedness for a breach.

“Cybersecurity will only be as good as your weakest link, and your weakest link will be your employees,” he said. “They will click on things. They will do the wrong things. You want to embrace the idea that cybersecurity (attacks) can happen to any company at any time.”

Both Jeff Crawford and Blake Griffin, the two keynote speakers who followed Wynne, agreed that cyber attackers have more options than ever before.

Crawford, a systems engineer specialist for Palo Alto Networks, said the attack surface “has grown infinitely” thanks to the ever-growing number of network devices that businesses use. Griffin, president of Fargo-based Communication Network Engineering , added that cyber attacks cost businesses an average of $200,000.

Citing data from his company’s own research arm , Crawford shared that ransomware attacks make up the largest share of cyber attacks in 2022. Business email compromises made up the second largest portion, with the two accounting for 70% of all cyber attacks.

In its simplest form, a ransomware attack is when someone steals a company’s data and holds it for ransom. Those attacks have become increasingly sophisticated, though, Crawford said, with attackers now stealing, deleting, denying and threatening to publicize data. In short, Crawford summarized ransomware attackers as the “most opportunistic of the bad guys.”

Attackers have increasingly begun targeting small- to medium-sized businesses, Griffin said. Sixty-five percent of attacks targeted businesses of that size, he noted, preying on the fact that many small businesses view cybersecurity as an inconvenience and high cost.

Justin Otto, director of sales for Arctic Wolf , expanded on the difficulties small businesses face when it comes to cybersecurity. “To stay on top of all of the latest tools, tactics and procedures that the adversary groups are using, it’s a huge and daunting task for companies that can’t afford multiple, 24/7 security engineers to monitor their network,” he said.

Still, he said that any business can take steps to improve their cybersecurity. “You don’t have to be great to start, but you have to start to be great,” Otto said.

“Cybersecurity is a journey, it’s not a destination,” he later continued. “Wherever you’re at, there are things that you can do to improve.”

During the morning’s second panel discussion, experts pointed out that cybersecurity attacks come from around the globe.

State-sponsored attacks have increased 100% from 2019, with 10 more attacks taking place each month, Crawford said.

Foreign attackers have a broad range of interests as well. Perhaps the most impactful area of interest is the military, as Maj. Dan Sly from the North Dakota Air National Guard said.

“We are just this tiny little state up here, but we are running some major, major operations up here out of Minot, Grand Forks and Fargo,” Sly said. “If you’re those other nations, you have a large vested interest in trying to glean whatever you can off of these networks. Whether we’re trying to defend the nuclear infrastructure or whether it’s the intelligence infrastructure, it’s changed.”

Shawn Riley, North Dakota’s chief information officer who moderated the discussions, added to Sly’s point later in the morning. Riley said that North Korean attackers were found to be hiding in the network of one of North Dakota’s school districts.

The attack was squashed before it advanced further, Riley said. However, the reason the North Korean attackers lingered in the school’s network was to try and subsequently access the National Guard’s network of nuclear weapons.

Dan Inman, chief information security officer for the Minnkota Power Cooperative, said that foreign actors have also targeted the nation’s energy systems. He asked the audience to imagine a scenario where an attacker caused North Dakota’s power system to go down in the middle of the winter.

“Yes, we’re in North Dakota, but the network is connected,” Inman said. “We’re seeing a lot of activity from Russia, from North Korea, from China, from Iran and even domestically.”

Nathan Joraanstad shared that the FBI has even predicted that agriculture will become a growing target for ransomware attacks. This is particularly the case in the planting and harvest seasons, when foreign countries would seek to disrupt productivity and yields. “People are starting to wake up to the fact that they could be a target,” Bushel’s director of engineering said.

The bottom line, Sly told the audience, is that all businesses and citizens need to face the growing threat cyber attacks pose. “We are in a fight every single day in the cyber world and frankly so are all of you,” he said.