Hawaii had 1,615 cybercrime victims who experienced a total of nearly $19 million in monetary losses last year, according to the Federal Bureau of Investigation's 2021 Internet Crime Report.
The state also experienced $22.5 million in total fraud losses in 2021, and 12,051 reports of fraud and other incidents. The top crime reported in Hawaii was imposter scams, followed by identity theft, according to the Consumer Sentinel Network 2021 data book.
The cybersecurity threats that affect businesses differ depending on the sector, according to Mike Taratko, principal architect of the security advanced services team at Hawaiian Telcom. Healthcare and airlines get a lot of ransomware threats, which generally come through email, he said.
“Ransomware can happen at any time and will probably happen to everybody at some point,” he said.
Ransomware is a type of malware that denies a user access to their computer in order to get the user to pay a ransom in exchange for the files back. A common example of this, Taratko said, is that a cybercriminal will pretend to be the help desk for a business and email an employee a link to install something they say will help fix a computer problem.
“People in Hawaii generally tend to be pretty helpful,” Taratko said. “If you know people in the organization, and know about their structure, you can throw some names around ... [and] you can craft an email or verbal conversation and ask for some sort of access or to install something.”
Having good backups and protections in your environment, such as antivirus technologies, or endpoint detection and response technologies, which shut down threats on the spot, are important, he said.
Because of the Covid-19 pandemic, many people began to work remotely, and those machines have become a part of people’s IT environments, Taratko said. The balance when it comes to cybersecurity for businesses is having each system be as secure as possible without being too complicated, he said.
“You don’t want to have too much friction, but you want to have it as secure as possible,” Taratko said.
“Generally, people say ‘Oh, I gotta do something else for my IT environment and it’s gonna cost money, it's gonna take us more time to implement' – so you think of it as an extra cost,” Taratko said. “Whereas if you do security and configuration pretty well, it's going to help with your availability, so your network, laptops and servers are more likely to stay up if they are monitored 24/7 for uptime and security risks.”
Many businesses will also buy cyber insurance, because they think putting security and controls in place themselves is too difficult, according to Taratko.
“They just think 'we’re just gonna buy insurance and figure it out as we go,'” Taratko said. “...There’s a lot of instances where you pay a million dollars for a policy, you think you’re covered, and then something happens and you don’t get reimbursed because you were not doing the correct security controls.
"Do your security properly – patching, configurations, hardening, and awareness training for your employees, and understand your environment. You do those things well, you could save yourself tons of premiums of insurance policies.”
