One byproduct of our technology has been hackers. In recent years, ransomware attacks have grown substantially, with cybercriminals locking down a company’s digital files or threatening to release confidential data unless payments are made.
These attacks can have widespread consequences. Six months ago, the Colonial Pipeline, which transports gasoline and jet fuel throughout the Southeast, was attacked. The company shut down operations and panic buying sold out gas stations.
Cyberattacks can cost a company millions because of downtime, recovery costs and customer turnover, particularly if a breach exposes personal information.
One Source, a Greenville IT, telecom and cybersecurity company, has around 300 employees. Steve Cobb, chief information security officer at One Source, has worked in IT his whole career, including for Verizon and Microsoft.
A lot of what we can do is what we should already be doing, says Cobb, because it’s basic and not that expensive.
For example, many applications now require two-factor authentication. “That’s an extremely easy one to take advantage of and put in place,” says Cobb. “Usually, it’s fairly low cost and low-effort to put in an environment. So that’s one right off the bat that you should do.”
But many companies don’t do even that, he says. As a result, employees, and often suppliers and vendors, can log straight in, and so can cybercriminals who obtain those logins and passwords on the dark web.
“I don’t want to trivialize this. There are those advanced, persistent threat actors, those nation-states, who do more than this,” says Cobb. “But those typically are . . . going after intellectual property or something much more.”
“These ransomware kings are cash grabs. They’re looking for the easiest target for the quickest turnaround on cash, so if you take some of those steps and put in some of those basic, low-hanging fruit steps, when the ransomware attackers run into those, usually they’ll turn and pivot to another environment. Because it’s just going to take them more and more time, and they don’t want to spend time.”
Cobb cautions that paying a ransom and thinking that solves the problem is not prudent. “I always try to make sure people understand you’re dealing with criminals.” Companies need to – in a very short time – go through their systems and make sure the attackers can’t strike again. This is often beyond their capabilities, particularly in small businesses with limited IT resources.
“We’ve seen this happen first-hand. An organization has been a victim of ransomware. They have an IT staff who is not extremely competent in security, but they are really good IT folks, and they say ‘We can recover. We can restore. We’ll be back up.’ The original actors will pivot into their backup environment and infect it. So, when you restore, you basically are just punting them back over to the brand-new environment again. And then the attackers quickly turn around and ransom the same customer again. I’ve seen that happen many, many times.”
And that gets to the reality that some of our vulnerability is self-inflicted. We now access many applications in our daily lives — email, streaming services, news sites, online gaming — and, of course, many of us work remotely. We tend to want to use a similar password across all our applications.
Cobb also sees companies with IT administrators who will use what’s known as Remote Desktop Protocol (RDP) to access company servers from home over the public internet. Typically, this will happen because a server is acting up and the admin gets a call and hops online to work on the problem.
“So, attackers will scan the internet – this is a real thing – looking for this protocol to be opened in an environment. And when they see it’s open, they’ll start attacking it to see if it may be vulnerable to these exploits that are available.”
This is where multi-factor authentication and strong passwords are essential to protect remote access, he says.
One problem that he encounters is a lack of understanding of how hackers operate. Many companies and organizations are 9 to 5 operations, with weekends off. And if they don’t have anyone monitoring systems after hours, hackers can be tripping alarms and red lights might be flashing, but if there’s no one watching, it doesn’t matter.
Even with all the cybercrime headlines, it can still be challenging to convince privately held, small-to-medium companies that they need to ramp up defenses before there’s a breach. “When we talk to a customer, more often than not,” says Cobb, “that conversation happens after a security incident, unfortunately.
“Because it’s very difficult, as you can imagine, for a corporation that’s maybe been in business for 15 years, it’s been a family-owned business, and has expanded and now they’re 300 or 400 people, and they’ve never had a line item in their budget for security. Never been there. They’ve never had to worry about it. And now here I come to say you need to be worrying about cybersecurity, and that may be something you need to spend money on.
“And the old guard may be saying, ‘Well, we’ve never paid for that before. Why do I need to worry about cybersecurity?’ We run into that pretty frequently,” says Cobb.
But after an attack, “100%, everybody wants to have that discussion.”