MINNEAPOLIS (WCCO) — It’s estimated that more than a 1,000 U.S. businesses have been hit by a cyber attack — and don’t even know it. That’s according to the U.S. Secret Service.
Such attacks that have hit Target and Supervalu were the inspiration behind a security conference in Bloomington Saturday.
A software development company called The Nerdery played host to intelligent minds from across the country.
The conference was put on by Security B-Sides MSP. According to lead coordinator Matthew J. Harmon, they’ve made a living out of keeping hackers at bay.
“The entire reason this event exists is to give a free security conference. The attackers are becoming more brazen. They are not seeing the need to remain under the radar,” Harmon said.
About 250 people registered for Saturday’s event. And of them, they estimate that about 200 are what are called “White Hat” hackers.
White Hats are considered “good guy hackers,” according to Tom O’Neill, president of The Nerdery. They are paid by companies to locate vulnerabilities so they can be fixed.
“These guys are getting paid to test the infrastructure, test the security of their systems, and then report back where the vulnerabilities are,” O’Neill said.
Through speakers, cryptography exercises and even a training exercise that used the human body as a metaphor for how to bring a company back after a cyber attack, security experts were able to test their knowledge.
But Harmon says despite advanced training, many companies still don’t utilize these skills.
“Organizations should be more vigilant about, well, the very simplest is reading their own logs. Because the intelligence exists within their organization to know what’s happening, but most people are just underfunded, understaffed or they don’t have the skills necessary in order to do that appropriately,” Harmon said.
He says Supervalu and Target are far from alone.
“Organizations are hesitant to disclose these,” he said.
Harmon says that’s why we’re seeing more of these security breaches. Also, in most cases, companies are now required by law to disclose when they’ve been breached.