20 California Food Producer EDITION 1, 2018 Editor’s Note: Francis Tam, who is a partner with Moss Adams, addressed CLFP’s board of directors at its annual meeting in April at the important issue and growing threat of cybersecurity. Cybersecurity breaches are often a result of improperly secured systems and a lack of user education and awareness - which means they can often be prevented with a more stringent cybersecurity strategy. In 2016, there were more than 1,000 data breaches affecting 36.7 milion records reported in the United States, according to the Identity Theft Resource Center. This represents a 40% increase compared with 2015. As of July 2017, there have been 858 reported breaches affecting 16.4 million records, not including the recent Equifax breach, which affected 143 million people. Current projections for 2017 put the total number of breaches around 1,500—a 50% increase over 2016. It’s important to note that these breaches aren’t only happening to large organizations. They’re also happening to small and mid-sized organizations, as attackers begin to target these entities more frequently due to their lack of sophisticated security controls. Cybersecurity Threats Most reported breaches are due to hacking, email phishing or malware, especially ransomware. In fact, ransomware, whereby an attacker locks or encrypts a victim’s data until a payment is made, has become one the biggest threats facing businesses and other organizations today. The latest statistics from the 2016 Kaspersky Security Bulletin show that a company is hit with ransomware every 40 seconds, which is up from every two minutes in early 2016. Email Phishing One of the main delivery methods of a ransomware attack is through email phishing, which is a social engineering technique that uses email to deceive end users into providing sensitive information, such as: ■ ■ Passwords ■ ■ Social security numbers ■ ■ Payment card information A phishing email will typically use a Word, Excel or PDF attachment to carry the ransomware program and once How to Improve Cybersecurity