Is A Hack-Attack Cybercrime Summer Coming?
Why does a leading Technologist out there battling cybercrime think this is going to be an historically bad summer for business hacks and ransom? Maybe not the most surprising prediction given the plethora of cybercrime news every day. What may shock you is how smaller companies can bear the brunt of the pain of criminal activity this summer, and beyond. Adam Karp, Managing Partner and Co-Founder of KL Tech answered a few questions with information that every business owner should know–before it’s too late.
Q. Adam, you’ve been dealing with computer security for the last 20 years but you have been quoted saying this summer is going to be horrific, the worst cybercrime season ever, why?
A. Watching the nightly news should be giving anyone with a computer network the chills. We are seeing the sheer volume of hacking intrusions skyrocket and what’s really frightening is that only a small fraction of them make the news. Evidencing this are the numerous new companies that facilitate creating Bitcoin Wallets, mostly to help companies pay ransom.
Q. Isn’t the real risk only to big businesses with big data who are targets for multi-million-dollar ransoms? Why go after smaller companies?
A. The news reports might make you think that way, but we are seeing a 10-fold increase in the contacts we are getting from business who have already been breached. These range from big networks to small companies with only a handful of devices. Whatever your size it can be devastating and threaten the business’s existence if customer data or proprietary information is stolen. Something as basic as losing your electronic schedules can wreak havoc not to mention the cost of a ransom. For every Colonial Pipeline there are a multitude of smaller business attacks that are occurring every day. Companies don’t publicize the embarrassment; you’d be shocked how many businesses you know that have been victims.
Q. So, what do companies that are breached have in common?
A. To start, they aren’t our client. Seriously though, we won’t offer Managed Services to a company that isn’t going to utilize our comprehensive cyber defense strategy because there are so many vulnerability points. Companies that have anti-virus software, backup and utilize cloud computing may think they are safe. It’s sad, and they are shocked to discover that isn’t enough, not nearly enough, with the criminal sophistication these days.
Q. Where are you seeing the most vulnerability?
A. Sadly, it’s across the board. Sometimes it’s a phishing or spoofing program that enters via email, sometimes it’s poor password discipline. The bad guys know what they’re doing, once they get into your systems, they will look for and delete any backups they can locate before launching the Ransomware. We have also seen cloud resources like Office 365 Mailboxes become encrypted and held for ransom.
Q. Is all of this coming from Russia and sophisticated cybercrime syndicates?
A. That is a very active source targeting infrastructures and multi-national companies. Their success breeds more attacks until security catches up and vulnerabilities are mitigated. Still, for every “big” hack there are innumerable smaller infiltrations. You can go on the dark web today and buy a hacking kit online! Not only can any criminal with a computer hack any size business, there’s even a cybercrime “helpdesk” they can pay to help them if they encounter resistance.
Q. What’s the answer, or is it so hopeless you just have to pray you don’t get hit?
A. No, it’s not easy but not hopeless. Doing nothing probably means you are dealing with when and not if you will get hit but top Managed Services Providers like us are able to assemble a suite of leading-edge tools and best practices that together form the strongest defense yet.
Q. Is paying for a cyber security via a Managed Services Provider a get it and forget it option?
A. If it was only that simple. While we do handle the heavy lifting and provide 24/7/365 system and device monitoring, security must include the behaviors of users and employees. When we take on a new client we tell them up front that they will have to use a Password Management solution and have their staff go through our Security Best Practices training.
Q. Is that because security is only as strong as the weakest link?
A. Absolutely, and while our tools minimize infiltration impacts an employee can inadvertently facilitate through poor password discipline or email spoofing (where an email looks to be from their boss), or working from home, there are a host of things that together create vulnerability. That’s why our service includes End Point Detection, Mobile Device Security, Email Security, Vulnerability Scanning and Dark Web monitoring, to name a few of the elements we include.
Q. The Dark Web, that always seems like some scary mystery, is it?
A. At our initial demo with prospects we provide a Dark Web scan and they are shocked when we show their company, employee, and personal passwords that are already available on the dark web. That’s the place where much of the breached information is bought and sold so having that monitored is a critical part of security that is often overlooked.
Q. You paint a gloomy picture for this Hack Attack Summer, should business owners be losing sleep thinking it’s not if but when, as you say, their system gets attacked?
A. I wouldn’t blame anyone in business for losing sleep if they haven’t fully modernized their cyber defenses. For any business that relies on computing and data there is a real fighting chance if they do the work to make sure they have all the leading-edge systems covering all the vulnerability points and have someone with expertise monitoring it all, who knows what to do, when an intrusion attempt is detected.
Q. How does KL Tech help business owners sleep better?
A. We know that cybersecurity isn’t a core competency of most businesses so just for the asking, we happily provide them with both a free security audit and dark web scan to identify if they have vulnerabilities. The good news for businesses is that the costs of defense today are practically a no-brainer in contrast to the cost and consequences of a security breach. Companies can reach out to us at firstname.lastname@example.org and sleep well this summer.