In one month, hackers filed fraudulent tax returns using stolen personal information from Baltimore City workers, and held MedStar Health computer system’s hostage. The ransomware used in the attack forced the Maryland and Washington D.C. health care provider to revert back to paper medical records until the system went back online.
“That's the really dangerous part especially in the health care world, if you interrupt patient care you put the organization at risk, you put the patients at risk,” said Chris Ensey, the chief operating officer for Dunbar Security Solutions.
The concern now is that if two major organizations can be infiltrated, who else is at risk? Ensey said hackers will target any industry, particularly those housing personal information of their employees or clients.
“It's inexpensive, it's low risk, and it's something you can do from the comfort of your own home,” he said.
The FBI is assisting in identifying suspects in the two cases, but said culprits of cyber attacks can be anyone. In the past, they’ve charged a range of people from high-schoolers to foreign actors.
“We see it as a huge industry that lives behind the shadows,” Ensey said.
But an industry combating it is growing just as fast. Defending against online criminals has become a big business in Maryland. The state touts itself as the nation's epicenter for cyber security, and according to the Maryland Department of Commerce, the more than 11,000 information technology businesses generate in excess of $38 billion per year.
Dunbar Solutions has also capitalized on the growing threat cyber attacks pose. The company has nearly 100 years of experience in the security business, but it's only been in the past four that they've really expanded their focus to online security.
“You buy a product or you buy a piece of software and you put it in place and your anti-virus should stop those attacks, and the reality of this is we've moved past that. Now we're in a world where you have to constantly be vigilant about identifying any potential intrusion into your corporate network,” Ensey said.
He added that more than just prevention, detection and monitoring is key. It's about identifying any vulnerabilities, as well as educating employees to not click on hidden links that create an access window into corporate networks.
It's also become a battle of wit and employing people that are able to outsmart the other side. People like Bryan Halfpap and Nick Hepner, two security consultants who use their skills for good, also called white hat hackers.
“You're a white hat, you're paid to help the company find the vulnerabilities before somebody looking to cause chaos or harm, damage a reputation, monetize the vulnerability, comes along,” said Halfpap.
They're both members of Unallocated Space, a “hackerspace” where people wanting to learn these skills can meet, collaborate and teach each other about the newest technologies in an industry that's rapidly changing.
“They have to adapt and they have to understand new techniques and one of the best ways to do that is to socialize and get to know people who do the same thing and exchange ideas,” said Nick Hepner, the vice-president of Unallocated Space.
These groups have become more popular throughout the area, especially among people in the industry, but Hepner said they're open to educating anyone about how not to fall victim to cyber crime.
"Don't click things that look suspicious, that's probably the number one thing, because you can't patch stupid is a favorite saying of ours. The social engineering techniques, the trickery that the spam and the Facebook messages use to get you to click on things, those can lead you down to some dodgy sites and that's how you get your viruses, and your malware, and your identity stolen eventually," Halfpap said.
If you're interested in learning more about Unallocated Space, click here.