
Before You're Hacked

It would appear that the international hacker and cyberattacker association recently convened and decided they wanted to go for broke (or strike it rich) on widespread chaos and discord in the lives of everyday, ordinary, non-wealthy people. What decision-making tree leads one to conclude that attacking, oh I don't know, AN OIL PIPELINE is a good idea?? Water supply? Hospitals?! It is disturbing, to say the least, and much of the effort to thwart these attacks is being placed on private industry. I could pen a separate post on reasons why this particular burden shouldn't be borne mostly by private industry, but it suffices to say that it's not too late to switch out the Space Force for the Cyberspace Force.

I have several bones to pick with these nefarious actors. My biggest gripe is that they cause pretty significant disruption in the lives of innocent people--and I'm not just talking about the disruption of services. There is a seeping distrust, anxiety and/or paranoia that occurs in the wake of these types of events. Have you ever googled "underground bunker"? These types of events feed that doomsday mentality.

My second gripe is that STUDENT LOANS ARE RIGHT THERE! Do some good in the world! Just kidding...kinda.

And my third gripe is that these actors now almost exclusively demand bitcoin when they levy these attacks. I totally understand why. It's a lot faster and more difficult to trace than a wire transfer of USD. So, again, I understand why it's the currency of choice. However, these bad actors are giving crypto opponents more ammunition and those of us in the good fight don't need the additional work.

The reality is that, regardless of which side of the crypto argument you fall on, this is going to be a problem for all of us going forward. So, aside from reminding employees not to open suspicious attachments, what can organizations do to prepare themselves for one of these hacks/attacks?


Obtain Cybersecurity Insurance

These types of attacks are becoming so commonplace that businesses across every sector are purchasing cybersecurity insurance. When a business's security is breached, a myriad of things can happen, and most of those things cost lots of money: the ransom demanded by the attackers, the cost of forensic investigations, defending against litigation from customers/clients, and crisis PR management when sensitive information is made public. These attacks can be expensive and require a multitude of resources that many businesses simply do not have at the ready. Insurance can be the difference between a timely response with a manageable financial impact and reputational ruin with bankruptcy.

Invest in Upgrades 

Schools, hospitals and public utility companies are frequent targets of cyberattacks because they have lots of sensitive personal and/or financial information and oftentimes have outdated systems and insufficient IT security resources. Software upgrades are oftentimes required by operating systems for a reason. Old versions have known security gaps that make for easy targets for exploitation. Many organizations argue that they cannot afford to make upgrades, but the cost of upgrades will likely be less than the cost of a ransom. On top of that, in cases where the attacker obtains and threatens the release of private information, they oftentimes go on to release or sell some or all of that sensitive information after they've received payment. Upgrades may not completely eliminate the threat of cyberattacks, but they certainly make attacks more difficult and therefore less likely to occur.

Develop a Back-Up Plan

In cases where business information is encrypted by attackers, Forbes estimates that more than 90% of organizations that pay ransoms don't get all their data back. (Hackers simply cannot be trusted.) Because of that, and because it is simply a best practice, businesses should make it a point to develop and implement a back-up strategy. There are multiple strategies that utilize a combination of onsite and offsite locations, and an IT or cybersecurity consultant can help determine which strategy is best for a given business. But backing up data is the key to ensuring that your business is able to continue operating when a hacker attacks. So back it up.

A satoshi of prevention is worth a bitcoin of cure.
