Before You're Hacked

It would appear that the international hacker and cyberattacker association recently convened and decided they wanted to go for broke (or strike it rich) on widespread chaos and discord in the lives of everyday, ordinary, non-wealthy people. What decision-making tree leads one to conclude that attacking, oh I don't know, AN OIL PIPELINE is a good idea?? Water supply? Hospitals?! It is disturbing, to say the least, and much of the effort to thwart these attacks is being placed on private industry. I could pen a separate post on reasons why this particular burden shouldn't be borne mostly by private industry, but it suffices to say that it's not too late to switch out the Space Force for the Cyberspace Force.

I have several bones to pick with these nefarious actors. My biggest gripe is that they cause pretty significant disruption in the lives of innocent people--and I'm not just talking about the disruption of services. There is a seeping distrust, anxiety and/or paranoia that occurs in the wake of these types of events. Have you ever googled "underground bunker"? These types of events feed that doomsday mentality.

My second gripe is that STUDENT LOANS ARE RIGHT THERE! Do some good in the world! Just kidding...kinda.

And my third gripe is that these actors now almost exclusively demand bitcoin when they levy these attacks. I totally understand why. It's a lot faster and more difficult to trace than a wire transfer of USD. So, again, I understand why it's the currency of choice. However, these bad actors are giving crypto opponents more ammunition and those of us in the good fight don't need the additional work.

The reality is that, regardless of which side of the crypto argument you fall on, this is going to be a problem for all of us going forward. So, aside from reminding employees not to open suspicious attachments, what can organizations do to prepare themselves for one of these hacks/attacks?


Obtain Cybersecurity Insurance

These types of attacks are becoming so commonplace that businesses across every sector are purchasing cybersecurity insurance. When a business's security is breached, a myriad of things can happen, and most of those things cost lots of money: the ransom demanded by the attackers, the cost of forensic investigations, defending against litigation from customers/clients, and crisis PR management when sensitive information is made public. These attacks can be expensive and require a multitude of resources that many businesses simply do not have at the ready. Insurance can be the difference between a timely response with a manageable financial impact and reputational ruin with bankruptcy.

Invest in Upgrades 

Schools, hospitals and public utility companies are frequent targets of cyberattacks because they have lots of sensitive personal and/or financial information and oftentimes have outdated systems and insufficient IT security resources. Software upgrades are oftentimes required by operating systems for a reason. Old versions have known security gaps that make them easy targets for exploitation. Many organizations argue that they cannot afford to make upgrades, but the cost of upgrades will likely be less than the cost of a ransom. On top of that, in cases where the attacker obtains and threatens the release of private information, they oftentimes go on to release or sell some or all of that sensitive information after they've received payment. Upgrades may not completely eliminate the threat of cyberattacks, but they certainly make them more difficult and therefore less likely to occur.

Develop a Back-Up Plan

In cases where business information is encrypted by attackers, Forbes estimates that more than 90% of organizations that pay ransoms don't get all their data back. (Hackers simply cannot be trusted.) Because of that, and because it is simply a best practice, businesses should make it a point to develop and implement a back-up strategy. There are multiple strategies that utilize a combination of onsite and offsite locations, and an IT or cybersecurity consultant can help determine which strategy is best for a given business. But backing up data is the key to ensuring that your business is able to continue operating when a hacker attacks. So back it up.

A satoshi of prevention is worth a bitcoin of cure.
