David Behen |
David Behen, an executive with SenCy, a cyber security company based in Ann Arbor, was invited to speak to the board members by Deputy Supervisor/Trustee Tim Rush. Rush, the township delegate to the Conference of Western Wayne, heard Behen's presentation at a recent meeting and said he thought it was crucial to provide Sumpter officials with the information Behen presented.
Behen told the board members that he has been deep into cyber since 2011and previously filled leadership roles in the private and public sector for more than 20 years. He spent six years as a cabinet member for Gov. Rick Snyder as the director of the Department of Technology, Management and Budget, and Chief Information Officer for the State of Michigan.
Under Behen's direction, Michigan established itself as the national leader in the IT and cybersecurity arena, he said. Snyder is also an executive with the SenCy company after serving two terms as governor.After explaining his credentials, Behen told the board that many states use Michigan as a model for cyber security and noted that SenCy provides sensible solutions to cyber security.
Small and medium organizations are being completely ignored by the cyber security industry, he said, while there has been a 424 percent increase of cyber attacks on small and medium organizations.
“This is happening in your community, across the State of Michigan and the United States,” he told the board and emphasized that his appearance was in no way a sales pitch. “If you walk away with a few things to keep in mind about not only your organization, not only about Sumpter Township, but your community and what you need to be talking about with constituents and residents, I'll be pleased,” he said.
Currently, he said, cyber attacks are coming from China, Russia, Iran and North Korea and are under way 24-7, in an effort to disrupt the quality of life in this country, Behen said. Another motive for hacking is money, he said, as cybercrime can be lucrative.
In addition to the political and profit motives, there are also the thrill seekers attempting to break into computer networks and systems, he said. “And what we call the Hacktavists who attack organizations to embarrass them for some wrong they feel has been committed.”
Behen colorfully detailed the exact procedures and tactics cyber criminals of all types use to gain access to systems, including those who seek to ransom a computer system they have attacked. Denial of service attacks are also becoming commonplace, he said when a hacker creates a bot and brings down a system. These people, too, will ransom systems back to the victims, he said.
He offered insightful and detailed examples of the different types of cyber crime and told the board members the best possible defense is information and education. He suggested the township schedule education awareness programs for employees every 6 months as the tactics and capabilities change so rapidly. “Everyone in the organization should take it so they can see what an efficient email really is,” he said, “and be able to identify those which contain harmful codes which can overtake a system.”
He also told the board members that the township should have an incident response plan in place in the event of a cyberattack. “The majority of organizations are going to get hit. The day you get hit is going to be a really bad day. Someone should be able to say, 'Follow the response plan' and remediate the situation quickly.”
Behen also warned the trustees about the most common error computer users tend to commit, which is the failure to change passwords regularly and use strong, multi-character passwords.
“Make sure passwords are complex and long, nine to 14 characters,” he advised. “That change is critical every 90 days. These bad guys are doing recon on you, they can find your passwords,” he said. He stressed that users should never reuse a previous password. “If a bad guy gets your password and then gets into you're your email account with your user name, he's in your bank accounts, shopping accounts, retirement accounts, and everything else on your computer.”
He said everyone should have a password manager application and the programs are inexpensive and easy to use.
“We are trying to demystify cyber security,” he said. “A lot of people don't understand, but I guarantee you, cybercrime is happening in your community.”