Sept. 13, 2022

This paid piece is sponsored by Eide Bailly LLP.

The director of cybersecurity services for national firm Eide Bailly LLP will be in Sioux Falls this week to share what his firm is encountering as it keeps businesses cybersafe.

Kyle Hendrickson will speak at the fifth annual Cybersecurity Conference on Wednesday, Sept. 14, at the Sioux Falls Convention Center, hosted by the Greater Sioux Falls Chamber of Commerce in partnership with the Better Business Bureau.

While the topic of cybersecurity has been top-of-mind for years, a cyberattack increasingly has the ability to harm an organization in multiple ways. A recent survey by Cybereason found that 32 percent of respondents had lost top leadership following a ransomware attack either by dismissal or resignation — making it even more difficult to recover from lost business.

Hendrickson has been in information technology roles for the past two decades, spending the past 15 years leading cybersecurity teams and providing strategic guidance for C-suites. During this time, he built multiple IT and cybersecurity groups from the ground up – creating the vision and enabling the resources to keep important data and systems safe and secure. Most recently, Hendrickson was responsible for building the cyberdefense capability at a regional financial institution focused on improving visibility to all systems while reducing the attack surface of the organization.

He’ll speak at this week’s Cybersecurity Conference on the topic of creating a culture of cybersecurity and cybersecurity trends.

We got a preview of his perspective ahead of this week’s event.

What are some of the biggest challenges your clients are facing right now?

Cybersecurity insurance, getting new policies and renewals. Rates are up and policy coverage is down. Cyber insurance brokers and carriers are requiring controls like multifactor authentication, properly secured backups and EDR to be in place to renew or get new coverage. We have been working with clients on improving their cybersecurity programs so they can get their policy renewed and in some cases reduce their premiums.

Another challenge we’re encountering is business email compromise, or BEC. BEC-related losses for 2021 were $2.4 billion, putting it at the top of the list of crime types when ranked by losses. We have assisted clients with hardening their systems, social engineering testing and ongoing training to ensure they are prepared for email impersonation or email compromise attacks.

What about ransomware? Is that still a threat for businesses?

Yes, and it can be crippling. As of the fourth quarter of 2021, the average length of interruption after ransomware attacks on businesses and organizations in the United States was 20 days. How long could your business survive without any of your IT systems to allow you to create products or serve your customers? It’s critical to be aware of this issue and take appropriate measures to prevent attacks. It is also important to know that a malicious adversary can’t jump to encrypting everything or stealing all of your data. They need to first get malicious code on a computer, elevate themselves to an administrator, be able to remote control that computer from somewhere on the internet, find and compromise other systems on the network and, finally, once they find what they are looking for, steal data or begin encrypting. All of these different parts of the attack chain give us defenders an opportunity to disrupt their actions before really bad things can happen. But we need to be focused on the right things.

We hear about supply chain disruption, but how does supply chain also extend to cybersecurity?

Your IT supply chain also is able to be disrupted, just in a different way than more traditional supply chains. You might have heard about the compromise of IT vendor Solarwinds recently. Its infrastructure was then used to spread malicious code to take over its customers’ networks and was an eye-opening event. Properly managing vendor partnerships will continue to be a priority to ensure that those we do business with do not lead to us being compromised.

What is the solution to these and other cyber issues?

Having a trusted partner in cybersecurity that can assist with creating a plan to manage your cyber risk, reducing your attack surface so that you can focus on protecting what is important to you.

What are the most important steps organizations should be taking to protect themselves?

Understand what your current state is, build a plan to get to where you want to be, determine what an acceptable amount of risk is for your business, and find a partner to help you get there.

The Cybersecurity Conference will be held from 7:30 a.m. to 1:30 p.m. Wednesday, Sept. 14, at the Sioux Falls Convention Center. Tickets are $75 and include breakfast and lunch. To learn more and register, click here.

For more on how Eide Bailly can help your organization enhance its cybersecurity, click here.