DAPHNE — Many businesses and individuals are much more vulnerable to computer hacking than most realize, and many people have already been hacked without their realizing it, a cybersecurity expert told members of the Eastern Shore Chamber of Commerce.

Brent Panell, a co-founder of ControlAltProtect, told audience members at the chamber's Eggs and Issues discussion series that no business or individual is too small for a hacker to attack.

Every victim says the same things. 'I never thought anybody cared about my data. I never thought I'd be a victim until I was a victim,'" Panell said. "There are 50 people in this room, 17 of you have already been hacked in the last five years, FBI statistics, and 23 of you are being hacked right now."

He said three audience members told him before the meeting that they had already been hacked.

"We're losing a war as a nation and I'm not being dramatic," Panell said. "I'm a Type A very passionate person. I will apologize to you now because I am trying to sell you something today. It's not a product. It's not a service. It's a change in your mentality. I want you to change the way you look at data security from this day forward."

He said the average length of time between a system being breached and discovery is 206 days. In that time, a hacker can do a great deal of damage.

"I've seen the worst," Panell said. "I see the CPAs who after 26 years in business, shut their doors. I see the hospitals who are already in a
negative situation because of COVID losing millions of dollars. I've seen the flower shop say 'I'm just a flower shop in Kansas, what do they want with me? She also services one of the biggest hospitals in the area and she was used as an attack vector to get to that hospital."

Small businesses that provide services to larger companies can be sued if it is discovered that their compromise led to an attack.

"Vendor risk is a real problem. It's a real problem," Panell said. "You will be sued because a forensic investigator proved that a hacker used you, a small guy, to get the big guy. That's why no business is too small."

While ransomware is a major concern, the most common type of hacking is email compromise.

"The most common cyber event is a business email compromise," Panell said. "We all worry about ransomware, which is a heart attack, but the reality is, your emails contain precious data. They tell a hacker who you do business with, where you bank, how often you order from Amazon. I could go on and on."

Panell said businesses should have security plans in place.

If you don't have a business continuity disaster recovery plan for cybersecurity, you're a sitting duck," he said.

Panell said businesses also not depend on company information technology workers but have trained cybersecurity experts check their systems.

"Because all of you are most likely relying on your IT guy, the smartest tech person you know to protect you. Respectfully, you are asking an orthopedic surgeon to perform heart surgery," Panell said. "If you want to stop a hacker, you have to hire a hacker. Sounds crazy, doesn't it?"

He said people also should not use the same passwords for different accounts and should use a password protection system.

Panell said most antivirus software is also little use against attacks. He said next-generation antivirus software is more expensive but will often better protect users against attacks.