Cybersecurity Challenges in a Nutshell

Computer security researcher Dan Farmer once said, If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.” This is not reality because as individuals and businesses we rely on these devices. 

The mindset must be changed about where cybersecurity falls on a business priority list. Cyber incidents most often occur because a cybersecurity plan was not set in place prior to an incident. Cybercriminals around the world are deploying ransomware in our cyber infrastructures. after hours or over the weekend so that by the time the effects of it are seen, the damage is done through a phishing attack email or another form of exploitation.  

It is critical to be proactive when it comes to cybersecurity and already have defenses in place before bad actors reach your cyber infrastructure. Cybercrime has (unfortunately) cost companies trillions of dollars a year according to Cybersecurity Ventures 

$6 Trillion USD A YEAR 

$500 Billion A MONTH 

$115.4 Billion A WEEK 

$16.4 Billion A DAY 

$684.9 Million AN HOUR 

$11.4 Million A MINUTE 

Most recently, ransomware groups and criminal enterprises from Russia have been able to operate in their country with no chance of going to jail because it fits with the desires of the country’s leadership. If this leniency on cybercrime remains in countries like this, we cannot rest knowing our cyber infrastructures are not safe. 

Small to medium businesses are at a high risk for ransomware attacks and often cannot fully recover afterwards. 71% of cyberattacks happen to businesses that have less than 500 employees. 

Implementing Zero-Trust and having visibility into attacks and resiliency in order to mitigate the damage is critical in moving forward for any business. Frequent patching is another key operational strategy for defending against attacks-a prime example of insufficient patching would be the recent log4j incident. Without proper patching, organizations remain vulnerable to external entities.  

Additionally, phishing is one of the top ways that cybercriminals enter IT infrastructures, and without proper training, employees and their organizations are vulnerable. Phishing accounts for 90% of data breaches. Through these phishing campaigns, bad actors can steal passwords, install malware to access/control the system, or ransomware to immediately shutdown the business. Weak or stolen passwords make up 81% of breaches according to the Data Breach Investigations Report. This is why it is important to create strong passwords and change them often along with implementing two-factor authentication.  

Vice President and Global Chief Information Security Officer Stéphane Nappo of Groupe SEB said, “The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: “Cybersecurity is much more than an IT topic.” 

For more details on how to secure your cyber infrastructure watch our most recent webinar and schedule an assessment with us today. 

The Changing Cyber Landscape

Cyber-attacks have increased by over 800% since the start of the Russia-Ukraine war from suspected Russian bad actors. Attacks have become so much more frequent and unprecedented and their impacts even more devastating. The Colonial Pipeline ransomware attack in 2021 is a recent example and is the largest publicly disclosed attack against critical infrastructure in the United States. The Colonial Pipeline is the largest refined oil product pipeline in the U.S. and can carry 3 million barrels of fuel per day between Texas and New York. Attackers exploited an exposed password for a VPN account, stole data, and asked for a ransom of $4.4M. The attack was felt across the country through shortages of jet fuel, and fear of a gas shortage caused panic-buying, and a spike in gas prices. 

 

Global threats are not only dominating mainstream media headlines but unfortunately our cyber infrastructures as well. 2022 has already seen its fair share of challenges between Covid-19, supply chain issues, natural disasters, and the Russia-Ukraine war. Amidst all these events, cyber incidents were still the top global threat according to the Allianz Risk Barometer 2022 

 

Ransomware attacks cost companies millions each year. The top 5 known ransom payments include: 

 

  1. CWT Global 

AMOUNT PAID: $4.5 MILLION 

RANSOMWARE: RAGNAR LOCKER> 

  1. Colonial Pipeline 

AMOUNT PAID: $4.4 MILLION 

RANSOMWARE: DARKSIDE 

  1. Brenntag 

AMOUNT PAID: $4.4 MILLION 

RANSOMWARE: DARKSIDE 

  1. Travelex 

AMOUNT PAID: $2.3 MILLION 

RANSOMWARE: SODINOKIBI 

  1. University of California San Francisco (UCSF) 

AMOUNT PAID: $1.14 MILLION 

RANSOMWARE: NETWALKER 

 

 

Most of these vulnerabilities were hacked due to weak passwords or not having many defenses in place and only relying on firewalls. Most of these incidents could have been prevented through a proactive cybersecurity solution such as Identity and Access Management Services. 

 

Cyber criminals will often pose as co-workers, friends, or family members for network/password credentials or financial gain-this is called social engineering. The sense of urgency from an authority figure or family member often outwits our sense of realizing this is an out of character request. It often leads to instantly sending money to what seems like a familiar face. The network/password credentials shared provides entry that your typical security hardware and software won’t notice and allows unfettered access to valuable, critical data. 

 

Existential Threats 

As the attacks increase, so do the costs associated with them. The average cost of a data breach is $4.24 million for companies worldwide according to the 2021 Cost of a Data Breach Report. With all the hackers and scammers flooding our cyber infrastructures today, it is more crucial than ever to have the proper defenses in place. The toll on business productivity and financial standing is far too much. 

 

  • Existential Threat: Ransomware 
  • Real World Impact: Average cost of a ransomware attack is $732,520 when the ransom was not paid, but doubles to $1,448,458 if the ransom is paid 
  • Existential Threat: Downtime 
  • Real World Impact: Amazon, Microsoft,
    Delta, Sony, Nvidia—no company is immune from downtime and the brand damage
    it inflicts 
  • Existential Threat: Compliance Fines 
  • Real World Impact: New state compliance requirements are rolling out and the penalties are no slap on the wrist—California Consumer Privacy (CCPA) fines can run up to $7,500 per violation with no cap 
  • Existential Threat: Data Loss 
  • Real World Impact: Whether from a cyberattack or human error, 40%-60% of SMBs won’t reopen after data loss 

In addition to these existential threats, enterprises have faced a slew of IT challenges: 

  1. The average enterprise has 6 different forms of application infrastructure 
  1. …each of which comes with unique management systems and tools 
  1. 80% of time is spent managing risk 
  1. …which leaves little time for IT to create additional value for the business 
  1. Compliance requirements are evolving in real-time including the addition of state privacy laws.  California led the way with CCPA and 38 other states recently implemented privacy laws. 
  1. IT is expected to do more with less year-after-year managing cross-platforms, and security and compliance of different environments 

With the ever-increasing threat landscape affecting more businesses and individuals each year, it is understandable companies are seeking out a reliable partner to protect their cyber infrastructure. Ntirety can help your business build a security and compliance solution that meets today’s needs while strengthening your long-term strategy. For more information watch our recent webinar here and stay tuned for the next blog in this series. 

Building An Industry Response To Ransomware

While your business may have a disaster recovery plan in place, it is equally if not more important to proactively put security measures in place to defend your cyber infrastructure from ransomware and similar threats. The following piece is by Ntirety CEO Emil Sayegh originally published in Forbes. 

 

Building An Industry Response To Ransomware 

The term ransomware will often trigger a detectable response in even the most hardened security professional, especially as the industry sees an 800% increase in cyberattacks in the early days of the Russia-Ukraine war. This well-known digital blight carries so much impact that the appropriate response to the word itself is justified. Year after year, we can see that the rate and scale of ransomware attacks are skyrocketing, and recent attacks on Samsung and Nvidia illustrate an even more rapid acceleration —thankfully, the response to ransomware is also on the way up. One of the actionable ways that the threat is being addressed is through proposed legislative acts. 

A First Try: Ransomware Disclosure Act 

Among the most significant legislative measures proposed in the last few months is the Ransom Disclosure Act. On the surface, this governmental initiative, like many other initiatives, seems like a great idea, until you dig into it. The provisions in the act create a 48-hour window in which a company that has paid a cyber ransom must report various details about that payment. The disclosure mandate includes information on the amount paid, the date of the occurrence(s), the type of currency used, and any available data about the parties that made the ransom demand. This information is then sanitized by the U.S. Department of Homeland Security (DHS) and published on a public website. Still unquantified are the prospective penalties of non-compliance with the Act. 

From an enforcement perspective, it cannot be denied that there is a deficiency of active data that could assist in criminal implications and recovery. Rapid, detailed information can make a big difference in the ability for governmental agencies to step in, tracking funds and potentially being able to seize ill-gotten proceeds. 

For example, there was a partial but significant ransom recovery that occurred after the ransom payment in the case of the Colonial Oil Pipeline event. The Colonial incident was a major attack that had considerable national impact and publicity. Due to the publicity, federal agencies were involved in the response, and the partial financial recovery speaks for itself. Should similar actions be the response framework for all attack incidents? There are many practical points to debate in the matter, starting with whether the governmental authorities have the mandate, resources and capability to pursue these cases adequately and in a fulsome way. 

Disclosure Flaws 

While we all want actionable intelligence to maintain a level of awareness, the public aspects of this Act are cause for some legitimate concerns. Over the course of events, as they are publicly disclosed, it is possible that the proposed DHS site could amount to a ransomware leaderboard. This could add the unintended effects of increased ransoms, increased ransomware cybercriminal participants, increased volume of attacks and increased severity of successful attacks across the board. Here are some key flaws in this proposed reporting requirements by DHS: 

  • Public disclosure could result in the creation of successful ransom intelligence that cybercriminals can use by correlating data. It is possible to unintentionally disclose industry information, date, and time information, ransom amounts, and preferred payment methods. Even with the company names redacted from this base of information, cybercriminals can glean the identity of the biggest “scores” from public news, service information, and countless methods of dark web underground chatter.
  • The collection of information proposed in the act only focuses on the impact of the attack upon targeted companies. Once published, an incident could serve as a reference point for unknown public and financial repercussions.
  • Compliance and the roll out of a reporting program could lengthen the duration of disruption, extending the time needed to return to operations.
  • There doesn’t appear to be a history of successful piloting of such a system, including the impact on an industry.
  • Rival global cyber-gangs could derive intelligence from successful attacks, and fine tune their strategies.

What About False Security? 

Starting with Cyber-liability insurance, beware of a false sense of security. Ransom payments should be exceedingly rare and even nonexistent. This should never be part of a response plan even if you have cyber liability insurance, but these principles somehow persist. Publication of these flawed decisions serve to highlight the prevalence of unfortunate planning and a perceived lack of available ransomware responses. 

Numerous industry reports show that there is a false sense of security in ransom payment. Close to half of the companies that pay ransoms discover that their recovered data is corrupted. As we saw in the case of Ukraine, suspected Russian hackers used wiper code to completely destroy key data in banks and key governmental organizations. If, during the course of the attack, data made its way outside the company, that data is now “out in the wild” and there are no ransom-backed guarantees about what happens to that data. Further insult to injury, reports show that most organizations that are hit once with ransomware and pay a ransom will experience a second, likely-related ransomware attack. 

Bad Ideas and Good Ideas 

On the frontlines, organizations must continue to break free of the mentality and false sense of security that relies on outdated security such as cybersecurity insurance, vulnerability scanning, signature detection, and VPN systems. Instead, companies that are prepared to prevent ransomware threats must implement security measures that are comprehensive and full spectrum across the data center, cloud, endpoint, and applications. 

Actions against ransomware gangs such as the arrest of the REvil gang by Russia, and the extradition of the alleged REvil Ukrainian Hacker from Poland are a good thing, but insufficient if done as one-time events, as more sophisticated gangs will quickly pop up. Reporting programs such as what is proposed in the Ransom Disclosure Act have the potential to provide great advantages for a new breed of cybercriminals. This information should be privileged as the public focus carries too many unknown implications. Public information should instead be focused on identifying information about the attackers when available and figuring out their apprehension and prosecution. More detailed information should be passed on only to a group of private companies that are entrusted to fight cyber-criminals, while protecting the privacy of the victims. 

This First Step is Critical 

Time will tell what becomes of this proposed measure and how much traction it will gain. It is an indication of an important first step into these matters. With some tweaking and industry partnership, it could possibly be the right step in the right direction. 

In any case, the industry will continue to drive towards improvements in the defense and prevention of ransomware incidents but needs proper Governmental leadership. This type of partnership between industry and government is the best path for prevention of incidents in the first place. 

As we build up these improvements, organizations will be looking at both next level and first level steps to address these novel and continued threats including threat model strategy, multiple-layer security, advanced anti-ransomware technology suites, and behavior-based incident detection. While many of these disciplines are needed now, the cybersecurity talent drought persists driving a need for outsourcing and security partnerships. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn.

2022 Cyber Realities

While 2022 holds promise for a better future through advancements in technology, new cyber risks will come along with it. We must move forward with a positive mindset, while not forgetting past mistakes. Originally published in Forbes2022 Cyber Realities builds on Ntirety CEO Emil Sayegh’s Predicting What 2022 Holds For Cybersecurity piece published prior.

Looking to the Future

In addition, to my top ten predictions posted on January 6th, here are a few more: 

  1. Ransomware Will Continue to Evolve

Ransomware, which is malware that encrypts a user’s data and demands a ransom payment to unlock it, is one of the most rapidly evolving cyber threats. Ransomware attacks continue to cost businesses billions, a trend that is expected to continue and attacks that ask for larger ransom amounts. This is a market, and incentive will drive innovations and evolution in an already rapidly changing and challenging arena of cat and mouse.  

  1. Blockchain Technology Will Be Used for More Security, Finally

Blockchain technology is often associated with cryptocurrencies like Bitcoin, but it can actually be used for so much more. Companies are already using blockchain to secure business data, improve cybersecurity, and protect user privacy. In 2022, many businesses will have moved their operations to the cloud – instead of having physical servers on-site – making protections from cyberattacks a priority. Blockchain technology can help to secure these cloud-based operations by creating a tamper-proof record of all transactions.  

  1. Employees Will Be a Major Source of Cybersecurity Threats

Employees are often the weakest link in a company’s cybersecurity defenses. They can be tricked into opening emails that contain malware, clicking on links that lead to phishing scams, and using unsecured Wi-Fi networks. In 2022, businesses will need to focus more on employee training and awareness to protect themselves from these types of attacks.   

As cyberattacks become more sophisticated, businesses will also look to AI, machine learning, and monitoring services to help them detect and respond to these insider-based threats.  

  1. Will the Password Become Obsolete?

Even though new technologies that can replace passwords are emerging, they won’t be very popular by 2022. These technologies include fingerprint scanners, eye scanners, and facial recognition. They are not very user-friendly and can be easily hacked.   

As a result, 2022 will still see the use of passwords for the foreseeable future. However, organizations should start to move away from using passwords and towards using two-factor authentication. Two-factor authentication is a more secure way of logging in that requires users to input a password as well as a randomly generated code that is sent to their mobile device. This will make it much more difficult for hackers to gain access to your account. It’s a step in the right direction as passwords are extremely fallible. 

  1. Governments Will Finally Realize How Much They’ve Lost Due to Lax Cybersecurity

State and regional governments have been slow to adopt new security measures because they have been underestimating the power of cybercrime. They think that their current policies are enough to protect them from attacks. But as more and more breaches happen, it becomes clear that this is not the case. In 2022, governments will finally realize how much they’ve lost due to lax cybersecurity and they will start to take action. They will allocate more resources to improving their security infrastructure and they will also work with businesses to ensure better protection of their data. 

  1. The use of AI for Cybersecurity Purposes Will Increase Exponentially

As mentioned earlier, the use of AI is going to increase exponentially in the next few years. This will be especially true for cybersecurity purposes. Cybersecurity companies will escalate the use of AI-based tools to detect and prevent cyberattacks. These tools will be able to analyze data at a much faster pace than humans and they will also be able to identify new threats that wouldn’t have been seen before. 

Looking forward to 2022, we must fully incorporate and reflect on the key cybersecurity events of the year behind us. There are valuable lessons, a bit of dirty laundry to clean still, and a challenge that should always be at the forefront of our operations. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn.