Craig Horbus Discusses Cyber Crimes in Business for Youngstown Business Journal

Brouse McDowell Partner Craig Horbus spoke with the Youngstown Business Journal on the growing threat of cyber crime for businesses as they become more digitized in an article titled “Easy Targets: Cyber Crimes in Digital Business”.

In the article Craig warns that organizations should not underestimate the threat of cyber crimes by minimizing them to a solo criminal saying, “Threat actors these days are not little Johnny sitting in Grandma’s basement.” He went on to highlight how these criminals are more similar to the companies they target saying, “Hacking businesses try to get paid. It’s a very sophisticated, organized criminal enterprise.” He also points out that many of these criminals or “threat actors” operate out of Russia and China, with some having nearly 200 employees. This makes it challenging to put an end to them. As Craig points out, “there would be a lot more ability to prosecute and take these guys down if they were operating within the U.S.”

He goes on to explain that this leads to many of them being identified as repeat offenders based on the digital footprint they leave adding, “They leave pieces of information on the system that we can pull from. The problem is that those people just go across the street and set up shop again the next day.”

Craig also notes—along with FBI Acting Special Agent in Charge Philip E. Frigm Jr.—that the quick pivot to remote work and online services is leaving some companies with “weak spots in their networks.” He explains that, “all it takes is one of those 250 employees to be careless in logging on to a compromised WiFi signal that’s in a coffee shop where a bad actor is monitoring it and pulling credentials.” There is also an increase in insider threats where a “low level employee is being tempted by these threat actors that are saying ‘We’ll send you $50,000 or $100,000 if you get us some credentials,” warning that he and the Cybersecurity team at Brouse are “seeing a bigger spike in that and it’s just going to get worse.”

He told the Business Journal “90% of the cases we run into — the companies are compromised; the backups are compromised.” Stressing the importance of preparedness, Craig recommends companies take an earnest look at their policies and procedures. He suggests penetration tests, or “pen tests” which are simulated cyber attacks as an effective way of testing and evaluating your companies’ cybersecurity policies. 

Click here to read the full article (subscription required).