MES IT Security Board member Terry Orletsky has seen first-hand how viruses have grown from pesky nuisances that impacted isolated businesses, to cybersecurity threats that dominate headlines worldwide.
With decades of IT experience under his belt, Terry Orletsky has witnessed the transformation of the security landscape on many different fronts.
For the last 15 years, he has served as the vice president of IT for The Ken Blanchard Companies, an international management training and consulting firm, based in Escondido, California.
Orletsky, one of the founding members of the newly-created MES IT Security Board, says the development and propagation of viruses over time has moved from a relatively harmless annoyance to mainstream criminal activity.
“One of the things that has evolved over the years is the ability to cause more and more damage, like ransomware.”
Orletsky recalls listening to John Carlin, the attorney general in charge of cybersecurity under the Obama administration, talk about the dangers of ransomware and phishing attacks, as well as how, in some cases, “lives become at stake.”
“Everybody’s advice is ‘Pay the ransom because we can’t do anything. We’ll tell you where it came from, but we still can’t do anything.’”
He describes an incident in which The Ken Blanchard Companies fell victim to a phishing scam. An email was sent to company management, supposedly from the CEO, asking for $17,000 to be wired to a bank in Waco, Texas in order to complete a business transaction.
One of the company's executives wired the money, and, “a few minutes later, [the CEO] came into the office, and [the executive] said, ‘I just sent that money for you.’ [The CEO] said, ‘What are you talking about?’ Then they said, ‘Oh my God!’”
Luckily, the bank in Waco had a policy of not completing any wire transaction over $10,000 for one hour, so the attack was caught.
However, Orletsky has faced other challenges as a result of the growing “privacy paranoia.”
“We are faced with those [privacy] concerns from every angle. We have to go through really extensive security questionnaires about our practices in both our campus in California and Ireland.”
He says one American financial institution decided not to use Ken Blanchard’s virtual training business because of security concerns.
“We’re small, but we have all of the policies in place. Really looking at it, what kind of danger and/or financial loss would you take if somebody got your email address and your name?”
Orletsky boasts that The Ken Blanchard Companies has only fell victim to two exploits over the 15 years in which he has been with the company. He credits this success to the company not being a big target for attacks.
“Our intellectual property is so well branded with Ken Blanchard’s name that you couldn’t possibly steal it and pass it off as your own. There isn’t anything that we have that is particularly identifiable as Personally identifiable information that people could go after.”
That being said, it is still vital for all midsize enterprises to have stable security practices in place in case they become the next target for a cybersecurity attack.
Orletsky explains, “everybody says it’s not if you’re going to get infected. It’s either when, or you already have been, and it hasn’t been let loose yet.”