In the closing weeks of 2019, there was a surge of cyberattacks that hit a multitude of businesses and organizations. Municipalities and healthcare organizations seemed to be especially targeted, with New Orleans and Pensacola being among the more prominent cities affected. On the last weekend before Christmas (a.k.a. the busiest time of the year for air travel) Alaska Airlines was forced to cancel several flights. The company, which serves more than 100 communities in Alaska – many of which are not accessible by road – was the victim of what was termed a malicious attack on its computer network. And a healthcare organization in Canada had the information of possibly up to 15 million people compromised as a result of a ransomware data breach.
Earlier in December, some tech experts opined on the Information/Age website that ransomware activity, after declining in 2018, increased again in 2019 and is expected to explode in 2020. If December of 2019 was any kind of barometer, they may very well prove to be correct. Given all this, what can businesses both large and small do to stay ahead of the curve and avoid becoming yet another statistic, with all the trouble and expense involved in recovering from a data breach and/or dealing with a ransomware demand?
In a recent end-of-year webcast that was co-hosted by Datatel and Secured Net Solutions, noted cybersecurity expert Steve Porter of Secured Solutions discussed these types of issues at length and what, if anything, businesses can do to prevent something similar from happening to them. One of the main points that Mr. Porter stressed was that whether you outsource your cyber security or tend to it in-house, whatever does or doesn’t happen is ultimately your responsibility. Keeping one’s systems up to date, running regular backups, and having up-to-date next generation malware protection are more essential than ever.
“A lot of small businesses these days don’t have good backup processes, mainly because they don’t have the resources or the 3rd party that they have contracted out to is only running backups once a month, or even less frequent,” Porter explained.
Keeping patching cycles current is equally as important because a lot of ransomware out there is utilizing the current and latest and greatest vulnerabilities…in order to get that foothold so that they can encrypt all your files…
To that end, cybersecurity software companies are coming out with software that is specifically designed to combat ransomware, and if you already run Windows 10, there is a free ransomware detector included called Microsoft Defender. There is a slight catch with this one: it does not turn on by default, so you have to make a point of turning it on in order for it to detect ransomware.
Given that ransomware and cyberattacks seem to have reached a kind of critical mass recently, you might wonder what factor(s) might be at work to bring on their increasing prevalence. Mr. Porter puts some of the responsibility on lax approaches to cyber security, which may be driven in part by a lack of resources, whether by necessity (in the case of smaller businesses) or by design (highly centralized global firms with tens of thousands of employees who nonetheless allocate minuscule budgets to cyber security). This may be a result of naivete or a false confidence that they (or their 3rd party outsourcer, if applicable) have everything under control, until a hacker happens along to harshly disabuse them of this notion.
Regardless of your business’s or organization’s size or circumstances, communication and collaboration between all the relevant responsible parties is crucial to avoiding the resultant headaches. Steve Porter mentions that it is very important to ask your IT provider(s) lots of questions. For example, are all security patches up to date? How often are system backups being run? If it’s once a month or less, then that is a problem (ideally, these should happen every 24 hours; once a week at a minimum). Are your operating systems all up to date? For example, many organizations and individuals that are connected to organizational networks are still running Windows 7, which will no longer be supported by Microsoft effective January 14, 2020.
Another area that is worthy of attention is staff training and awareness. Unless you actually are a tech company, most of your employees are computer literate enough to perform their prescribed job functions, but likely not a lot beyond that. Yet they are in fact your first line of defense against a cyber-attack. Phishing emails are becoming more sophisticated and real looking all the time, and opening one is all it takes to infect your network. Mr. Porter suggests that companies make a point of organizing and conducting regular cyber security training and updates, including phishing simulations and other similar exercises, designed to teach everyone from the somewhat knowledgeable to the complete novice what they should be on the lookout for and the appropriate responses. No one wants to make staff so cautious and paranoid that nothing gets done, but as Henry Kissinger famously once said in another context, “Even paranoids have real enemies,” and a kind of “cautious paranoia” (as Mr. Porter puts it) is a not unhealthy thing to instill in your staff when it comes to cyber security, where a few seconds of inattention can result in untold numbers of hours needed to rebuild lost files.
The webcast stressed that this also applies to employees who work remotely, either from home or when they are traveling for business or personal reasons and toting along their laptops. This holds true for any and all outsourcers that you work with as well. Be very wary of airport, hotel, and other forms of public wi-fi. Make sure that employees are connected to a VPN, so that their connection to the company network is secure and shielded from those who might otherwise be able to see what they are doing via public wi-fi networks.
If you nonetheless do fall victim to a ransomware attack, before doing anything else the question then becomes – should I pay the money? Opinions vary among security experts and their views are by no means unanimous. Steve Porter is among those that take the harder line that paying ransom not only is enabling and rewarding what is – after all – criminal behavior but further abetting its continuance. On the other hand, sometimes there may be circumstances that are such that the need to get certain files released as soon as possible outweighs abstract principles. If you are victimized, do not hesitate to seek multiple perspectives from those with expertise in the area before making your final decision.
Either way, recovery from this type of attack is never painless; it is only a matter of how painful. As was pointed out in the webcast, if you’ve run recent backups you can probably get up and running again fairly easily, though you may lose a few days’ worth of work. However, if you haven’t done recent backups, or if they are corrupted, and you can’t or won’t pay the ransom, you will likely have no choice but to start from scratch to rebuild your files. The important thing to keep in mind when dealing with the specter of cybercrime is that, just as with most other types of crime, there are options available that enable you to avoid (or at least significantly lower the odds of) becoming a victim.
About Datatel and Secured Net Solutions
Organizations are in a continuous struggle to ensure that all necessary safeguards are in place to protect their valuable information from external and internal security threats alike. At Datatel, it is our goal to ensure that our clients are prepared to successfully navigate the ever-changing Cybersecurity and payment security landscape. In partnership with Secured Net Solutions we provide our customers with tailor made services and solutions that ensure that they will always be prepared for and able to respond to information security threats.
Our team’s depth of expertise and breadth of capability in advanced technology is founded upon real-world experience, combined with solid technical training and continuous skill development. Our philosophy and core business align directly with the critical components required to assist our clients in establishing a more secure infrastructure and overall security posture.
For information on how we can help you address your Cybersecurity and Payment Security needs, contact us at:
Toll-Free: 800-831-6660 x 257 E-mail: [email protected]