TAMPA — When it comes to protecting companies against data breaches, experts say it isn't about stopping them. It's about minimizing the damage.
"Breaches are inevitable,'' said Jamey Dillon, senior manager at the security consulting firm Mandiant. "Our object is to make them as difficult as possible for (hackers) to do.''
Dillon was among several presenters at the Florida Center for Cybersecurity conference Wednesday at the University of South Florida. The state-funded center was established earlier this year at USF to help position Florida as a national leader in cybersecurity. The school's new master's degree program in cybersecurity prepares students for industry certification.
The one-day conference attracted about 450 people, including students and digital security experts in areas of finance, health care, defense, utilities and retail. USF president Judy Genshaft announced the school's designation as a National Center of Academic Excellence in Information Assurance/Cybersecurity by the National Security Agency for 2014-19.
Among the conference's keynote speakers was retired Navy Vice Admiral Mike McConnell, who served as U.S. director of National Intelligence under President George W. Bush.
McConnell said countries taking part in "economic espionage'' — namely China — pose a huge risk to the United States and its intellectual property. He estimated damages to U.S. businesses at about $450 billion a year.
"Businesses need to know you will be penetrated,'' he said. "They are stealing intellectual capital in huge volumes. We have to do something to stop it.''
All threats aren't equal, said Dillon, the manager from Mandiant, which was recently acquired by cybersecurity company FireEye for about $1 billion.
There are organized criminals seeking financial gains, often through the theft of credit cards, he said. There are also "hacktivists'' motivated by political agendas, such as the Syrian Electronic Army, which took credit for hacking the Associated Press' Twitter account last year and sending out a fake tweet about an explosion at the White House that injured President Barack Obama. It spread in minutes, prompting the stock market to drop sharply.
But perhaps the most relentless and well-funded are foreign governments, Dillon said. They hire workers devoted full-time to stealing intellectual property to make specialized products or modernize processes or operations.
Increasingly, protecting people's identities has become a top priority, said Scott Arnold, chief information officer at Tampa General Hospital. Security issues once relegated to the IT department now reach the executive level.
"The retail breaches have put this on the map of more senior leaders and board members,'' he said. "People are asking questions. It's getting their full attention.''
Health care organizations are particularly vulnerable because patient records contain so much private information, he said. The records also are accessible by insurance companies and other service providers.
"Taking care of patients is our priority but protecting their data is right along with it,'' Arnold said. "The last thing anyone wants to worry about when they are getting better is if Tampa General is protecting their identity.''