Tech Lockdown: Prepare Now or Pay (Much More) Later
Most businesses rely heavily upon technology and, arguably, it’s one of your soundest business assets.
But what happens when your technology leaves you vulnerable, such as in the case of your IT environment suddenly held hostage by a cybercriminal?
According to Recorded Future, since 2013 there have been 170 city, county and state governments that have been attacked using ransomware, a type of malicious software built to interrupt or shut down your business or government operations. That means it’s a good time to understand how it works and, more important, what you can do to prevent it.
How it works
Ransomware blocks access to your data by encrypting it, then you’re informed you will only receive a decryption code when a sum of money is paid to these anonymous cybercriminals. The attack is sudden and the clock begins ticking for you to pay the ransom, or lose access to your computer system forever.
Fundamentally these attacks are successful because the proper safeguards are not in place for various reasons, the ain one being perceived cost. Statistics support the aphorism that it’s not so much a matter of “if” your organization will get hit, but rather a matter of “when” an attack will happen.
According to Malwarebytes’ Cybercrime Tactics and Techniques Q1 2019 Report, ransomware for businesses of all sizes is up 195 percent in the first quarter of 2019 since the final quarter of 2018, and up more than 500 percent when compared to the first quarter of 2018. This risk is certainly not going away anytime soon.
The financial backlash can be devastating, but even worse can be the loss of access to daily electronic processes, computer data, employee time, organizational records and invaluable information.
Recent ransomware attacks
- City of Baltimore: On May 7, the RobbinHood ransomware infection hit. An estimated $18 million has been reported as likely damages, with $10 million going toward the repair of the city’s systems, while $8 million is in forgone interest and penalties. Some services are still not restored and others are using manual processes.
- City of Atlanta: More than a year ago the city was brought to its knees as the result of a ransomware attack, when the cybercriminal demanded $51,000. Payment was not made and to date nearly $17 million has been spent repairing the damages. In addition, valuable police department dash cam video has been lost forever according to reports.
- State of New York: Hackers demanded $30,000 from the Erie County Medical Center in Buffalo. When hospital officials refused to pay, 6,000 of the hospital computers were wiped. It took six weeks to get up and running again, during which time employees were forced to
keep handwritten records. Officials estimate it cost $10 million to recover from the attack.
- State of Florida: In December, just before Christmas, a Florida grocery store suffered a ransomware attack when its QuickBooks server was held for ransom. In this case, the cybercriminal wanted
1.5 bitcoin or, at the time, $5,100. Because the owner did not have reliable back-up files they were compelled to pay the ransom, but they still lost a significant amount of data.
As you can see, regardless of the type of industry or size, cybercriminals are widely casting their nets, which reasonably ensures their catch will amount to a good payday.
8 steps to security
However, all is not lost. There are eight steps you can take that will go a long way in securing your IT environment, rendering it more difficult for cybercriminals to access.
1. Perform a security assessment of your IT environment. Do not rely upon “it hasn’t happened to me yet, so I doubt it will” reasoning. The risk is not worth it.
2. Provide security awareness to anyone accessing your IT environment to prevent the No. 1 cause of cyber-attacks: Phishing. Humans continue to be the weakest link. You need to go beyond training and make employees aware, so that it becomes part of the security culture.
3. Back up your data daily. If you find yourself in the unfortunate position of being a ransomware victim, the best way to recover from the attack is to have secure and reliable backups ready to use when you are held hostage.
4. Patch software immediately. When fixes are made available, don’t wait. Update your software so hackers can’t exploit a vulnerability.
5. Limit the number of people who can install software. This is the IT version of “too many cooks spoil the broth.” You need to trust that your employees are doing the right thing when installing and updating software, and that they’re not relying upon free software, which is a notorious gateway for malware.
6. Use a reputable antivirus software (AV). AV is a simple, yet powerful step that will lower your chances of being attacked by ransomware.
7. Perform security monitoring of your network. You MUST be aware of what is happening in your network by performing 24x7x365 monitoring, which will help ensure you’re actively looking for the bad guys.
8. Use two-factor authentication. Gone are the days of just a single password. Having two forms of authentication, such as a password and a biometric, to access your network will provide added assurance.
While nothing is foolproof, taking preventive measures maintains your brand, ensures customer retention and prevents a cyber breach. At the end of the day you want the peace of mind that’s provided when you know you have done everything you can—even when it’s “just in case.”
Mark Cousineau, CPA, CITP, CGMA, CIA, CFE, CGAP, CGFM, CRMA is a director at MGO and Karl Kispert is managing director of MGO’s technology group. You can reach Mark at email@example.com or contact Karl Kispert here.
Published in California CPA magazine July 2019