CYBERSECURITY IN 2020: LANDSCAPE, RANSOMWARE, AND KEEPING DATA SAFE

It’s difficult to find an industry that escaped the COVID-19 pandemic unabated. Many sectors were forced to drastically adapt on the fly to keep their companies profitable while prioritizing their employees’ safety. This led to a mass shift to working from home, which opened the door for cyberattacks on large and small businesses. For example, there were more instances of cyberattacks in the first half of 2020 than in the whole year of 2019. As a result, businesses have been forced to adapt and enhance their cybersecurity efforts.

In this post—distilled from President and CEO of Atlantic Data Forensics Brian Dykstra’s presentation from the Sayers Curio Virtual Tech Summit —we’ll be breaking down the following:

• The Landscape of Cybersecurity in 2020 and Beyond
• Ransomware Fact From Fiction
• What Companies Need to do to Bolster Their Cybersecurity Efforts

The Current and Future Landscape of Cybersecurity

First and foremost, it’s important to discuss how remote working has affected businesses and their cybersecurity efforts. Not only is working from home likely to continue until mass vaccinations have been distributed for COVID-19, but remote working is expected to continue for the foreseeable future. Businesses have learned that they can still be productive with a large number of employees working from home. Remote working is also extremely beneficial for employees who may have young children or other obligations.

But, remote working does have its challenges, with cybersecurity being perhaps the biggest. 2020 has seen a dramatic increase in security breaches, with remote access touchpoints being one of the key drivers—such as a remote employee’s laptop.

Phishing scams are often how most breaches begin, and they can be detrimental to a business’s bottom line. It’s important to note that today, everyone is a target. Whereas the early days of cyberattacks were mostly troll jobs—or people hacking for fun to prove they could do it—and seen as a nuisance, today, it’s a business. Some of the big hacking groups out there can target 8-10 companies per week. They utilize phishing techniques—among other methods—to carry out malicious attacks on companies.

The healthcare industry has seen one of the most significant upticks in attacks, but truly any business with a large enough bank account is a target today. Regardless of what a company does, there is likely a cybercriminal organization interested in that money.

There are plenty of different types of cyberattacks, but invoice fraud—predicting legitimate payments to the hackers’ bank accounts—and ransomware have become extremely popular in the last few years. 2020 has only added to the increase in these attacks.

For the most part, companies and their cybersecurity team had their ducks in a row with security efforts when everyone was working under the same roof. When the pandemic set in, cybersecurity efforts got all the more complicated. Not only did cybersecurity teams have a lack of control over remote employees’ security efforts, but many businesses were forced to lay-off employees after a few months into spring. This made it much easier to secure laptops, and other endpoints employees were using and closing things off to avoid attacks on said endpoints.

Because ransomware has become more prevalent, we’re going to focus on what businesses should know about this type of malware today.

Ransomware: Fact From Fiction

In its simplest definition, ransomware is a type of malicious software or malware that is designed to deny access to a computer system or data until a ransom is paid. While it’s a little more nuanced than that, in truth, defense against ransomware is quite simple. You either have backups for that data, or you don’t. You either can pay the ransom, or you cannot. Or, you either can prevent ransomware attacks from happening, or your defense is weak.

However, fending off ransomware has become a bit more complicated. Recently, the United States Department of Treasury warned that companies making ransom payments might be violating rules and therefore be subject to fines. For this reason, it’s important to work with attorneys if your company is ever the victim of a ransomware attack.

This statement puts businesses in a tough spot. If they are boxed in a corner due to a cybercriminal group threatening them that they will release sensitive information if they don’t pay up, what should they do? Not paying them can be harmful, as the company may lose business or clients, which will result in lost sales, which in-turn means lay-offs are possible. If they do pay, the government may fine them. It’s a classic stuck between a rock and a hard place scenario. Therefore, the best way to deal with ransomware is to stop it from ever occurring.

There is a misconception about ransomware that it is merely the process of clicking on a bad link, and *poof*, your entire company’s system is compromised. Instead, it’s a bit more of a process. Typically, a cybercriminal will attempt to gain access to the system via a phishing email. Once they have access, they’ll go in and steal data, package it all up, and move it off the network. Once they have what they need, the hacker will release the ransomware. The company will then receive communication from the hackers that if they don’t pay, they will release the data to the public.

And make no mistake; they are not afraid to release the data. These are well-run criminal organizations that are willing to destroy lives to get money. They do their research, finding how much a company has made in the last year, what the CEO makes, and how much the business has given out in bonuses to arrive at their ransom amount.

In addition, many people falsely believe that a ransomware group will continue to ask for more money down the road by threatening to release the information they still have. However, that is simply not the case. These criminal organizations have a specific business model, and it doesn’t involve re-ransoming past victims. If a business knows that the group threatening them will come back a year from now and ask for more money, they simply will not pay upfront and bite the bullet instead of being held hostage. The success of these cybercriminal organizations relies on the companies they extort getting their data back and becoming fully functional again.

So, how can companies avoid running into a ransomware issue? Here are some key steps to take.

The Nuts and Bolts of Keeping Your Data Safe

Adequate security is a process, not a product. There is no magical solution you can buy that will make your business impervious to cyberattacks. Instead, it’s an ongoing battle, where each and everyday you move the marker a bit forward, managing budgets and people along the way to create a more holistic, thorough cybersecurity platform.

With that said, here are four key things each and every business should ensure its cybersecurity measures cover:

Control Your Perimeter

First and foremost, your business needs a strong frontline defense. This includes using a high-quality firewall, fencing solutions, and blocking internal servers from talking to the entire world. Essentially, businesses should be using as manly controls on their perimeter as possible. Also, cybersecurity teams should not be concerned with what their firewall prevents but should instead be logging info on what has slipped through the cracks. By doing so, they can fine-tune their perimeter defenses and seal-up any potential vulnerabilities.

Utilize Two-Factor Authentication

Whatever your business can afford in terms of two-factor authentication solutions, use them. First and foremost, admin accounts should be the first priority for two-factor authentication. After that, email and desktop logins should be the focus. In a perfect world, all three of those entry points should include multi-factor authentication solutions.

Incorporate Anti-Virus and Anti-Malware

Anti-virus and anti-malware solutions need to also be at the top of your cybersecurity plan. As many solutions as you can incorporate into your system, you should. Upfront investments for your business’s cybersecurity pale in comparison to the ramifications of getting caught with an insufficient security platform.

Work With a Trusted Cybersecurity Team

Teaming up with a professional, experienced cybersecurity provider is another smart move a business can make to bolster its security efforts. A partner like Sayers will help you balance the need for security and productivity to identify the most appropriate and effective solution for your business.

Following those four simple principles will help improve your business’s cybersecurity standing immensely.

Brian Dykstra CISSP, CCFP

President & CEO, Atlantic Data Forensics

Mr. Dykstra has over 19 years experience in investigations, computer forensics, incident response, network and wireless security testing and information security. He was previously the CIO and Director of Professional Education at Mandiant, Inc. where he developed and managed numerous advanced computer security and cybercrime investigation courses.

If you are interested in connecting with Sayers or Brian Dykstra, please don’t hesitate to reach out and schedule some time.