Cyber Criminals Go Digital | Ransomware Attacks Local Business | Rea CPA

One Wrong Click Can Spell Danger

Like Your Business, Criminals Have Gone Digital

It doesn’t take much to trigger memories of a bygone era – when business was done with a handshake, and a person’s word was their bond. Perhaps, as a business owner, managing the day-to-day responsibilities of a company has never really been easy, per se; but, it’s a pretty safe bet that the generations that have come before didn’t have to deal with the heap of rules, regulations and digital threats on your plate today. And while these particular challenges can be enough on their own to overwhelm even the most seasoned business owner, now you have to worry about criminals from half a world away gaining access to your company’s vital information and holding it for ransom. It truly is enough to make anyone long for “the good ol’ days.”


Listen to episode 238, “Cybersecurity & Post-COVID Re-Entry Survival,” on unsuitable on Rea Radio, Rea & Associates’ award-winning podcast.

New Era Comes With New Threats

Unfortunately, times have changed. These days, business owners have a ton of challenges on their plates – from delivering top-notch customer service, managing complex balance sheets, and competing for top talent, to maximizing efficiencies, competing in a global marketplace and, yes, even securing essential company and client data from criminals who are looking to exploit your business for a quick buck.

The digital threat is real and not only is it proving to be catastrophic to the largest of companies out there, cybercriminals have been very successful in their efforts to infiltrate the digital networks of small- to mid-sized businesses. In fact, local business owner Duane Erb, owner of Erb Stove Center in Berlin, Ohio, recently sought out assistance from the cybersecurity and data protection services team at Rea & Associates after his company fell victim to a Ransomware cyber-attack that effectively stalled his company’s operations for about 10 days.

Ransomware is a type of malicious software (also known as malware) designed to give a criminal access to your data while threatening to publish it on external malicious websites for additional financial gain – unless, that is, a ransom is paid. Not only does this type of attack pose a huge financial risk, but it’s also a serious liability as the information most likely includes confidential information about employees, customers, and the company as a whole.

There are two main types of Ransomware with several variants out there in cyberspace.

  • “Crypto” Ransomware is designed to encrypt valuable files on a victim’s computer so that the victim no longer has access to them.
  • “Locker” Ransomware effectively locks the victim out of their server, workstations, laptop or device, preventing them from accessing their own business’s sensitive data through encryption.

What’s worse is that both types of Ransomware have evolved over the years and, today, there are thousands of variants, many of which are un-crackable by even the most tech-savvy professional. In some cases, even federal authorities do not have the ability to reverse engineer these modified versions of Ransomware.

Ransomware has gotten very sophisticated. It is being built inside applications such as email and other vulnerabilities within company networks and information systems. Oftentimes, all it takes is for you or an employee to click on a link within a fraudulent email to execute the malicious code. Once that happens, the Ransomware attaches itself to local information stores, such as file and/or backup servers, customer databases or financial systems.

The threat to Erb’s business occurred even though the company had already established information security controls. Fortunately, he took swift action, which allowed Rea’s cyber team to quickly and efficiently respond to the event. But Erb is not letting his guard down. Since the attack, he has established additional security measures, which include continuous monitoring by Rea’s cyber team.


The Risk Remains

The primary objective of the cybercriminal is to get their victim to pay a ransom. So, naturally, they will promise to restore the company’s data once the ransom is paid. Just remember that they are criminals and it’s in their job description to say and do whatever it takes to get their way. Even if you do give in to their demands, there is absolutely no guarantee that you will get your data back or that they will unlock your systems and never “attack” again. There are many cases of cyber attackers asking their victims for a little bit of money at first to generate trust. Then, once the cybercriminal knows you are willing to play by their rules, they will see you as an easy target and will go on to extort more funds.

Surveys have found that an estimated 80 percent of small- to mid-sized businesses have already been compromised by Ransomware within the last 18 months. Of those that have been attacked, only 20 percent have come forward to report the incident. These numbers prove that a cybersecurity strategy and framework within small- to mid-sized businesses is absolutely essential.

How To Reduce The Threat

More often than not, cybersecurity tends to fall pretty low on a business owner’s list of priorities. It isn’t until the threat is staring them in the face that they take action. However, because malicious software can be programmed to hide deep within your system until the timing is just right, it’s quite possible that your network has already been compromised. Additionally, as with most other services designed to prevent trouble from occurring, the cost to recover from a Ransomware attack (if it’s even possible) is substantial compared to what it would have been if preventative measures had been put in place early on.

The best place to start your cybersecurity journey is to contact a trusted business advisor to talk about the risk cyber threats place on your business in more detail. It’s important to remember that “John’s Auto Body & Collision” will have a very different approach to cybersecurity than a company that is required to follow regulatory frameworks and guidelines. So it’s important to work with specialists who can build a customizable and scalable solution that makes sense for your unique organization.

By Travis Strong, CISA (Wooster, OH)
