Iowa, Corridor companies cope with cyber attacks

This past November, the Department of Homeland Security worked to get inside Alliant Energy's system to shut down its email and phone lines.

Alliant then had to fight to get back online, said Vern Gebhart, vice president of business infrastructure and technology. The utility company had some experience with this matter, he added, that they gained during the 2008 Floods.

This exercise was done to help Alliant and other power companied secure the power grid.

'If they can hack into our systems, it can create an economic impact and physical impact,” he said during a February 28 meeting with The Gazette editorial board.

'The technology has evolved so much and we're more at risk,” he said.

Alliant Energy and other utility companies are working closely with the Federal Bureau of Investigation and Department of Homeland Security to battle the growing threat of cyber attacks.

'DHS tells us it's not if, it's when. Everything can be compromised and if they get in, we don't want them to bring down the whole system,” he said.

But power companies aren't the only ones working to address this problem.

More data, more attacks

Last year marked an all-time high for cyber attacks, with 2,164 data breach incidents nationwide reported that exposed more than 822 million records, according to Richmond, Va.-based intelligence company Risk Based Security.

Globally, the United States accounted for 66.5 percent of exposed records in 2013, according to the report. South Korea ranked second, making up 17.1 percent of exposed records.

According to an August 2013 Bloomberg News article, China accounted for instigating the most cyber assaults, making up 41 percent of the world's attack traffic. The United States accounted for 10 percent of the world's attack traffic.

The amount of data has exploded in recent years, and as hospitals, banks universities and retailers store more information electronically, the exposure will only grow.

Hackers target a wide range of businesses, hitting companies big and small.

A 2012 Verizon data breach investigations report, which analyzed more than 47,000 reported security incidents, found that 37 percent of breaches affected financial organizations and 24 percent affected retailers and restaurants.

Another 20 percent of network intrusions involved the manufacturing, transportation and utilities industries, with the same percentage affecting information and professional services businesses, the report found. Of all cyber attacks, 38 percent affected larger organizations and represented 27 different countries.

The Target breach, which compromised 110 million customer names, addresses, phone numbers, email addresses, and credit and debit card numbers, in November 2013 showed just how vulnerable retailers and restaurants are to hackers.

That breach, which was the fifth largest of all time, began after a malware email was sent to employees at a third-party HVAC company that did business with the retailer.

‘Blended strategies'

'It's a business killer,” said Jessica Dunker, president and CEO of the Iowa Restaurant Association. 'If credit cards are breached at your place, people won't come back.”

Dunker said the organization is taking a proactive approach with its members to hopefully prevent cyber attacks.

That's why the group, which represents more than 6,000 restaurants and bars in Iowa, is working with AIG to provide members with a 'crisis kit.” Dunker said members will be able to talk with experts about how to proceed after data is breached.

It also will offer members cyber security insurance to cover the cost in the case of a breach.

'Credit card companies really have all of the control,” she said.

When a card is compromised, credit card companies and banks assure customers that funds will be replaced, Dunker added.

'Someone has to cover it, and it could be the people handling the food,” Dunker said.

And because 75 percent of attacks are financially motivated, it's not a surprise that banks and credit unions are beefing up security as well. The same Verizon report found that 66 percent of attacks on financial companies involved ATMs.

'Cyber security is vital,” said Srinivasa Siravuri, Veridian Credit Union's Vice President of Information Technology.

Iowa's largest credit union, Veridian has 26 branches across the state and 179,000 customers.

Siravuri said the credit union uses a blended strategy to deal with security issues. Not only has Veridian added IT staff in recent years, but it has deployed new technology and software to protect customer information.

Veridian monitors customer accounts for suspicious activity, he said, and it provides education to customers on how best to protect their information.

'It's increasingly important to take measures on home computers and devices to protect assets,” he said.

This includes changing passwords often, not sharing account information and frequently checking account statements.

'Veridian has always focused on security and our members' assets,” Siravuri said. 'But with this changing technology and increasing sophistication, we've had to increase the focus.”

By the numbers

75 percent of breaches are driven by financial motives

6 6 percent took months or more to discover

74 percent of retail breaches compromised payment data

66 percent of financial breaches involved ATMs

84 percent of health care data breaches were spotted by law enforcement, not the organization affected

Source: Verizon 2013 Data Breach Investigations report