Keeping IT Systems Safe Requires Companywide Buy-in: Cybersecurity in the workplace is everyone's business.

• Author: Barbour, Tracy
• Position: TELECOM & TECH

As cyberattacks grow in prevalence and sophistication, Alaska companies are using more and varied technologies and strategies to ward off potential danger.

Today, cyber protection is steadily growing in importance due to society's reliance on computer systems, the Internet, wireless networks, and smart devices, all of which are part of the ever-expanding Internet of Things (IoT). In fact, the significance of IT security has led to October being designated National Cybersecurity Awareness Month. The campaign--an initiative of the Department of Homeland Security--is designed to engage and educate public- and private-sector partners through initiatives nationwide. Incidentally, the weekly theme for October 9-13 is "Cybersecurity in the Workplace is Everyone's Business."

Ransomware Attacks Increase

Most companies have a base level of threat if their computer system has access to the Internet, according Michael Strong, chief information security officer for GCI. The threat can come from seemingly innocuous sources such as emails, websites, and web applications. The magnitude of the potential danger depends on how critical the computer system is to the individual business. Since physical location is inconsequential when it comes to cyberattacks, many of the same security threats that are impacting companies in the Lower 48 are also present in Alaska. "The Alaska community is seeing the same types of attacks as the rest of the world because the attackers are coming at us from all over the world," Strong says. "They are looking at the IP address, rather than the geography."

In Alaska and elsewhere, one of the most rapidly-expanding areas of attack today is ransomware. This type of encryption-based breach involves an offender essentially taking a company's computer system offline, which can be extremely detrimental. "If your technology goes down, it can take the business down," Strong says. "It's opportunistic, and they are looking for anybody they can exploit. It involves everyone from the Fortune 500 company down to the local book store."

In addition to causing substantial disruption, a ransomware attack can create liability from stolen data. This can cause extensive damage to a company's image and leave the company at risk for litigation--especially if the attack involves medical records, financial details, company trade secrets, or other sensitive information, according to Mack Avery, GCI's senior manager of security operations. "If they get hit by ransomware and it becomes a public event, there is concern about the company's reputation," Avery says.

Ransomware, Strong says, is growing in occurrence because it's effective for perpetrators, who often convince victims to acquiesce to their demands. It comes down to the individual company and whether or not it wants to pay the ransom. "Our recommendation is not to pay, but that's the standard recommendation that law enforcement gives," he says. "It's up to every organization whether it wants to pay."

While ransomware attacks can be extremely detrimental and costly to...