Experts say maintaining online security best way to prevent cyberattacks
With more businesses choosing to keep as many workers at home as possible during the pandemic, companies found an increasing need for better security measures for employees accessing sensitive files through cloud-based servers.
Protection in cyberspace
There was a danger in the air, and it did not come from viral particles: a growing threat known as ransomware. Per the federal Cybersecurity and Infrastructure Security Agency, “ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”
Payment aside, such incidents can severely impact the operations of businesses large and small and leave leaders scrambling to pick up the pieces. The consequences can be both reputational and economic, CISA noted. Along those lines, organizations may suffer from any combination of lost productivity, a loss of credibility and trust, and of course, financial distress. On the note of monetary costs, the data tells the story. According to CISA, the monetary value of ransom demands has increased, with bad actors demanding payments of $1 million or more.
That reality hit close to home — literally — in 2019. Officials in La Porte County paid $130,000 in bitcoin in response to a ransomware attack that affected two domain controllers and resulted in network services going offline. Similarly, as reported by GovTech Today, Lake County was hit by a cyberattack that forced the shutdown of email service and several internal applications throughout county government.
It is unknown whether county officials paid a ransom to restore operations, and requests for comment were not returned.
Clear and present dangers
Whether government or private entities, it can be an expensive and time-intensive endeavor to regain access to critical files and infrastructure. Shawn Massa with Valparaiso-based Golden Tech, a managed IT services firm whose clients include small- and medium-sized businesses, corroborated this statement. She said customers will reach out to her firm in the event they have been victimized.
It is never a fun phone call, and the sense of urgency is real, Massa said.
“In every case, they’re down hard,” she said. “Their business has been interrupted. They can’t get their data or use their systems. Their email is down in most cases, and they’re really desperate for help, looking for a hand and direction going forward.”
“That is how we’ve had to deal with ransomware,” she said.
In helping customers in this dire situation, Massa encounters her share of misinformation about ransomware.
“There is a fallacy they’re not big enough to be targeted,” she said. “And that’s just absolutely not true.”
In reality, businesses of all sizes and in all industries can be attractive prospects to bad actors. Massa offers an analogy: “Imagine there’s a long hallway with a lot of doors, and they are just trying all the doors to see which ones are unlocked. And when they find one that’s unlocked, they’re not looking for (a) specific-sized company. They’re just looking for the opportunity to interfere with your business so that you’ll pay them a ransom.”
The doorway — or vector — is often an email that an employee clicks not knowing that it’s infected. This gives the attacker a pathway into the organization’s network so it can further wreak havoc. And worse yet, sometimes the results of the infection do not manifest themselves right away.
According to Massa, sometimes the ransomware can lie dormant for more than six months. Then when it presents itself — seemingly out of the blue — it can thwart operations.
Planning for the worst
The deleterious nature of ransomware attacks means that organizations need to get in front of cyber threats through a proactive approach. Massa said it starts with training employees on what to look for and having systems in place to mitigate threats.
“Get eyes on your environment,” she said. “That means monitoring and maintaining your systems, (because) the advantage is that you can know when something goes wrong, and as soon as something goes wrong, you can deal with it.”
Also related to prevention, Massa recommends keeping up with security patches and any software and firmware updates. Business leaders should not discount the power of a good backup system, either.
Massa takes her own advice.
“The backup system that we use, for example, is time based,” she said. “So, we’re making backups throughout the day, and it never copies over itself, (and) that means you have a fresh copy.”
Massa said in effect this means that, if you realize you’re infected on Monday, you could theoretically roll back to Friday and restore files to ensure business continuity.
Seth Spencer, CEO and founder of SERA Solutions, a full-service web design and digital marketing company in La Porte, offers a related but distinct perspective.
He said websites can be prone to malware, posing inherent risks to visitors.
“One way that people’s websites get hijacked is that they’re not necessarily aware of it all the time,” he said. “For instance, there can be an automatic download that occurs when you go to their contact page.”
Like an infection transmitted by email, a hijacked website can create the same sort of problems on the victim’s end. That’s why, according to Spencer, it’s important to work with a professional to develop a website that’s not only aesthetically pleasing but, more importantly, secure.
Such a company can monitor your site for malware and help you act accordingly to prevent financial or reputational harm.
On the user side of the equation, Spencer recommends using discretion when browsing the web.
Also, be mindful about which browser is the default. Internet Explorer, for example, is a common target for viruses, Trojans and other bits of malware. On the other hand, Spencer said, Chrome and Firefox are good standbys. Regardless of browser of choice, he reminds readers to update the browser as recommended, to further reduce the risk of threats.
Equal opportunity targets
Robert Middleton, a Federal Bureau of Investigation assistant special agent in charge, said he has seen it all in his line of work.
The public servant, who works from the Indianapolis office, said ransomware affects all walks of life and industries in both the public and private sectors. While he couldn’t offer specific details on the nature of the incidents, he did offer one telling statistic.
“I can tell you that we’ve probably been involved with about 15 ransomware matters in the state of Indiana in recent years,” he said. “(The attacks) ranged in scope and impact, from the smallest municipality and some of the largest private-sector companies.”
In other words, attackers do not discriminate when it comes to holding operations hostage. In the case of private entities, Middleton said his office advocates for leadership working in tandem with in-house technical professionals.
“One approach we encourage, when we do our outreach throughout the state, is for IT departments to really know it’s a hand-in-glove relationship,” he said. “It’s not just your IT department, but your C-suite folks, too, who have a thorough understanding of what’s really important — what’s (essential) to your core business function.”
To pay or not to pay?
In the event of a ransomware attack, Middleton said the FBI discourages payment. That’s because ransomware attacks would not occur without payment from victims.
The payment of extortion demands encourages continued criminal activity, leads to other victimizations and can be used to facilitate additional serious crimes.
There’s also the fact that paying a ransom does not guarantee an organization will regain access to its data. In fact, in some cases, individuals or organizations were never provided with decryption keys after having paid a ransom.
The FBI has a long tradition of not paying ransoms so as not to embolden criminals to target other organizations for profit.
Despite this recommendation, cyber insurance is a big and burgeoning business. In fact, net written premiums in the U.S. totaled $1.94 billion in 2018 — with 58% or $1.12 billion generated by stand-alone policies and the remaining 42% by cyber coverage included in standard commercial policies, according to data cited by Deloitte & Touche.
Proactive not reactive
Instead of relying on insurance policy coverage as a potential way to soften the financial blow of an attack, Middleton suggests what he refers to as a “front-line approach.” In other words, those tasked with maintaining security should be focused on prevention, first and foremost.
“We encourage IT departments to think about and make sure they’re updating any (security) patches,” he said. “We also highly encourage multi-factor authentication, backups and configurations that (are) updated and segregated from your main network.”
And in the event of an incident, Middleton said having a crisis response plan in place — and practicing it when appropriate — can offer peace of mind.
The same can be said of FBI intervention. Middleton said to inform authorities immediately.
“Get us involved as early on as possible,” he said. “We might not be able to help your individual situation regarding a ransomware, but what we will be able to do is get intelligence and try to connect the dots to benefit the larger picture.”