Withum’s Cyber and Information Security Services Group provides security assessments for businesses and organizations to help them understand and reduce the cyber risks they face in their day-to-day operations. Some organizations mistakenly believe that they are not at risk for various reasons. For example, despite numerous cyber intrusions in the media, we still note that many businesses and organizations do not have accurate situational awareness, e.g., “We are not a target of hackers.” Situational awareness in cybersecurity means understanding the current threats to your company’s environment: not just data loss, but significant impacts to the confidentiality, availability and integrity of the organization, impacts that can bring, and have brought, businesses and organizations to their knees. Modern cyber impacts have even put unsuspecting businesses out of business.
Unfortunately, anything connected to the Internet is a target. Hackers will take any opportunity to exploit a system. From data theft to activism, to blackmail and ransom, to plain old-fashioned trolling, hackers have never been more motivated to exploit a system on the Internet, any system. If you connect it, protect it.
Another common misconception among misinformed businesses and organizations is that they are not a target simply because they are not financial institutions or IT suppliers. This, unfortunately, is untrue.
Every company is now an IT company. Moreover, your organization will have some monetary assets and/or digital assets (bits n’ bytes), which can be converted to monetary assets, e.g., social security numbers, PHI data, access device numbers, and much more. From human-resource-related records, healthcare data, personally identifiable information (“PII data”), point of sale machines, to cloud-based CRM solutions, Internet-based email and so on, there is no facet of any company that is immune to cybersecurity threats.
When security professionals talk about cybersecurity threats, many terms are thrown around that can be confusing, daunting, or even intimidating. The threats on the Internet are real, and just like a physical location such as the Wild West, the Internet has rough parts of town, people who want to do you harm, and people who want your money. The terminology in cybersecurity has some correlation to those physical threats.
The Dark Web is the rough part of town just mentioned. Is everything on the Dark Web bad? No, not at all. The Dark Web is a name for a group of technologies that make for an Internet not seen by search engines. The only way to find something on the Dark Web is to know where to go, and monitoring it is notoriously difficult. Why is the Dark Web mentioned in the realm of cybersecurity? While not everything on the Dark Web is bad, the bad guys conduct their business there. When a record-breaking leak of private data makes it onto the Internet, it got there by being dropped and published on the Dark Web. Cybersecurity professionals curate lists of places on the Dark Web where these people do business and monitor them for indications that a business has been victimized by a threat. These professionals often find out about the issue before the affected business does.
If the Dark Web is a rough part of the Internet, a Denial of Service attack is what happens when the bad guys come out of the shadows and aim to shut down a business or neighborhood. In Internet terms, these are attacks in which hackers shut down a website, a whole business, or even whole segments of the Internet. They can do this in many ways: using coordinated group efforts, looking for weaknesses and using them to shut things down, or using the assets of other companies and people they have taken in other attacks.
Ransomware has been in the news a lot this year, causing many current cybersecurity issues, costing tens of millions of dollars, denying people services, and – in one very sad case – leading to the death of one person. This person had to be routed to a hospital further away because a ransomware attack completely shut down the closest hospital. This tragedy is the pinnacle of the dire situation that stems from cybersecurity risk.
Ransomware is the equivalent of kidnapping, mixed with blackmail. Hackers break into a network or a workstation, even an email account. They then prepare your environment by removing backups and quietly hiding their activity. Once prepared, they strike, encrypting all files and leaving a note with instructions on how to pay the hackers to provide the keys to unlock them. Once they have attacked, the victim has two choices: lose their data, or pay the ransom. There is (virtually) no other way to salvage the files. Aside from the loss of data, when a business experiences a ransomware attack, the process of the attack will nearly always take the business offline.
Ransomware attacks have increased 7-fold this year, and the cost of recovering from an attack has increased correspondingly. As of this year, the average cost of recovering from a ransomware attack is between $600,000 and $1.2 million. This says nothing about reputational impact, or the impact of clients not being able to access the affected business. To compound the difficulty of a ransomware attack, there has been a trend of hackers threatening to release the compromised data if the ransom is not paid, adding the threat of a breach to the already existing ransomware.
The National Cybersecurity Alliance has declared Cybersecurity Awareness Month 2020’s theme as “Do Your Part.” Our lives and the Internet intertwine more and more, to the point that any interactions on one affect the other. As that interaction grows more and more seamless, everyone and everything is exposed to cybersecurity risks. To help businesses understand the risks that they are exposed to, our cyber team generates Open Source Intelligence (OSINT) reports for any business. These reports offer direct insight into the threats your business is exposed to on the Internet, whether you see them or not. Hiding from the threats, or hoping those threats simply overlook your business, is no longer effective. Defense is the only option. Build your walls high, regularly inspect them, and never accept “good enough.”