Skip to main content

Before You're Hacked

It would appear that the international hacker and cyberattacker association recently convened and decided they wanted to go for broke (or strike it rich) on widespread chaos and discord in the lives of everyday, ordinary, non-wealthy people. What decisionmaking tree leads one to conclude that attacking, oh I don't know, AN OIL PIPELINE is a good idea?? Water supply? Hospitals?! It is disturbing, to say the least, and much of the effort to thwart these attacks is being placed on private industry. I could pen a separate post on reasons why this particular burden shouldn't be borne mostly by private industry, but it suffices to say that it's not too late to switch out the Space Force for the Cyberspace Force. 

I have several bones to pick with these nefarious actors. My biggest gripe is that they cause pretty significant disruption in the lives of innocent people--and I'm not just talking about the disruption of services. There is a seeping distrust, anxiety and/or paranoia that occurs in the wake of these types of events. Have you ever googled "underground bunker"? These types of events feed that doomsday mentality.

My second gripe is that STUDENT LOANS ARE RIGHT THERE! Do some good in the world! Just kidding...kinda.

And my third gripe is that these actors now almost exclusively demand bitcoin when they levy these attacks. I totally understand why. It's a lot faster and more difficult to trace than a wire transfer of USD. So, again, I understand why it's the currency of choice. However, these bad actors are giving crypto opponents more ammunition and those of us in the good fight don't need the additional work.

The reality is that, regardless of which side of the crypto argument you fall on, this is going to be a problem for all of us going forward. So, aside from reminding employees not to open suspicious attachments, what can organizations do to prepare themselves for one of these hacks/attacks?


Obtain Cybersecurity Insurance

These types of attacks are becoming so commonplace that businesses across every sector are purchasing cybersecurity insurance. When a business' security is breached, there is a myriad of things that can happen and most of those things costs lots of money. From the ransom demanded by the attackers, to the cost of forensic investigations, to defending against litigation from customers/clients, to crisis PR management when sensitive information is made public. These attacks can be expensive and require a multitude of resources that many businesses simply do not have at the ready. Insurance can be the difference between a timely response with a manageable financial impact and reputational ruin with bankruptcy.

Invest in Upgrades 

Schools, hospitals and public utility companies are frequent targets of cyberattacks because they have lots of sensitive personal and/or financial information and oftentimes have outdated systems and insufficient IT security resources. Software upgrades are oftentimes required by operating systems for a reason. Old versions have known security gaps that make for easy targets for exploitation. Many organizations argue that they cannot afford to make upgrades but the cost of upgrades will likely be less than the cost of a ransom. On top of that, in cases where the attacker obtains and threatens the release of private information, they oftentimes go on to release or sell some or all of that sensitive information after they've received payment. Upgrades may not completely eliminate the threat of cyberattacks but it certainly makes them more difficult and therefore less likely to occur. 

Develop a Back-Up Plan

In cases where business information is encrypted by attackers, Forbes estimates that more than 90% of organizations that pay ransoms don't get all their data back even when they pay the ransom. (Hackers simply cannot be trusted.) Because of that, and because it is simply a best practice, businesses should make it a point to develop and implement a back-up strategy. There are multiple strategies that utilize a combination of onsite and offsite locations, and an IT or cybsecurity consultant can help determine which strategy is best for a given business. But backing up data is the key to ensuring that your business is able to continue operating when a hacker attacks. So back it up.

A satoshi of prevention is worth a bitcoin of cure.

Comments

Popular posts from this blog

The Rundown on CBDCs

Everyday there is a news report about a country that is "exploring" or "studying" the possibility of developing a central bank digital currency (CBDC). In the past few days, I've read articles about Rwanda, Israel and France looking to pilot programs with CBDCs. And yesterday, the Bank of International Settlements announced its backing of the development of CBDCs. With approximately 80% of central banks around the world taking a closer look at CBDCs, now is as good a time as any to learn more about them. What Are They? A central bank digital currency is exactly what it sounds like--a digital currency issued by a central bank. In the same way our central bank, the Federal Reserve, issues the U.S. dollar, it would similarly issue some official U.S. digital currency ('digital dollar'). This is pretty much where the simplicity of it all ends. Things get really hairy (really fast) when central banks have to figure out how CBDCs fit into a traditional financ

Finding Nemo: A Journey on the Blockchain

Imagine if Nemo was a salmon born and raised in a fish farm in Norway. And imagine if his life, including how many roommates he had, his environment and every meal he ate, was recorded. His death (mainly manner and date) were also recorded. His post-mortem journey to the U.S. was recorded, including where he may have stopped along the way, before making his way to the seafood section of your local grocery store. Now imagine if you could scan a QR code to get a snapshot of Nemo's life, death and journey to the U.S. before deciding to purchase him and do so knowing that his provenance is accurate and reliable. If you're lucky enough to patronize certain Whole Foods, you may be able to do this soon. A major producer of salmon in Norway is working to bring more transparency to its practices using blockchain as the infrastructure. As increasing numbers of consumers become mindful of environmental sustainability and ethical eating, these types of supply chain efforts will become mo

A Curious Crypto Caper Chronicle

The Hack Earlier this month, a hacker executed a massive crypto heist on PolyNetwork--a decentralized finance (DeFi) platform. The hacker was able to steal more than $600 million in crypto from thousands of users on three separate PolyNetwork blockchains (Binance Smart Chain, Ethereum & Polygon) and involving more than a dozen cyptocurrencies. In other words, this hack was * major *. The PolyNetwork protocol operates on multiple blockchains and allows users to send/receive tokens across these different blockchains using various smart contracts (also known as "bridges"). The hacker exploited a vulnerability in one of these smart contracts which maintains significant amounts of crypto to maintain liquidity and this allowed him to overwrite instructions and redirect all crypto funds to himself. From there, the hacker attempted to move the stolen crypto into various liquidity pools.   The Blacklist The hacker was successful in moving some of the crypto. But shortly after the