I’d like to think I’m making a difference in protecting SDN Communications every day.
Just like I check that my doors are locked before bed or lock my car in the parking lot, I also scrutinize every email I receive and try to create strong passwords. They may seem like small things but let’s consider the cybersecurity impact.
Ransomware is now considered one of the two biggest cyber threats to our country according to former CISA Director Chris Krebs. He recently spoke with the Washington Post about “Securing Cyberspace” in a live-streamed interview on YouTube.
Cyber thieves use ransomware to extort money from businesses and individuals by gaining access to computer networks and either encrypting data or locking out legitimate users. Then they demand payment – typically by anonymous digital currency – to restore the files or users’ access.
Krebs said the top two threats of the 2020 election were ransomware attacks on voter registration databases and disinformation campaigns undermining confidence in the electoral process. While he pointed out there were no ransomware attacks on the voting process, recent attacks have proven ransomware is a disruptive threat to critical infrastructure functions such as pipelines and the food supply.
In May, a ransomware attack on Colonial Pipeline took down the nation’s largest fuel pipeline and caused fuel shortages along the East Coast. Colonial paid $4.4 million for the software decryption key. A cybersecurity consultant involved in the case believes the hack was the result of a single compromised password.
In June, a ransomware attack took over computer networks of meat processing giant JBS Foods, shutting down operations in the U.S., Canada and Australia. JBS paid $11 million to get its nine beef processing plants back up and running as officials asked the public not to panic or make a run on meat products.
Krebs says the cybersecurity climate has changed over time, and those two attacks were the tipping point for bipartisan support for cybersecurity breach reporting.
"At a minimum, we have to have reporting requirements, particularly for ransomware,” he said. “We just don't understand what the denominator is and how many attacks are happening because companies are not informing the federal government."
The FBI estimates between 25% and 30% of incidents get reported to federal law enforcement.
In July, President Biden signed a national security memorandum to boost the cyber defenses of critical infrastructure. Among directives for federal departments, it calls for tougher action from private companies. And while the memorandum keeps reporting voluntary, there is bipartisan support for the Cyber Incident Notification Act. It would require certain businesses to report cyberattacks, including ransomware incidents, to federal officials.
So, what’s the alternative to reporting? Prevention.
Let’s go back to my emails for a moment. As much as I enjoy hitting delete, I evaluate each item in my inbox and have a “Phish Alert” button to use when things don’t look right. Twice in July I used it and received responses that the plugin application from my IT department scanned the email, found it was malicious and removed it from all network devices. Our IT team also sends out phishing email tests at least once a month that, when the button is used correctly, deliver a popup that says, “You’ve correctly identified a phishing test from your IT team.”
The annual cybersecurity training I and all SDN employees take helps us identify the red flags in malicious emails that could compromise our company’s security.
It’s just one of the many layers SDN's IT team has in place to protect the company against cyber threats. The IT manager recently shared the tools that make up those layers with employees, which I simplified into four buckets below:
- Educate employees. SDN subscribes to KnowBe4’s services and enhancements. Its PhishER tool checks emails and scans them to assign a confidence level for whether each one is a clean email, spam or a threat.
- Secure access to the network and all devices on it. Multi-Factor Authentication prevents unknown users from accessing the network while Network Access Control verifies that anything plugged into the network is IT-approved and should be allowed.
- Segment and monitor the network. Keep bad actors from moving throughout the network but also monitor it for unusual activity. Antivirus endpoint protection and Security Information and Event Management applications can scan files, workstations and servers for malicious signatures and activity.
- Back up data. Consider the 3-2-1 rule: maintain three copies of your data on two different backup sites and one offsite location. Immutable backups, for example, secure data by storing it in a form that can’t be tampered with, changed or modified.
SDN also hires companies to test the network. The first test happened in 2018, and another followed in 2019. In both cases, our IT team learned where the network would benefit from additional layers of protection, but in a positive setting.
But what if a breach isn’t “friendly”? I asked Chad Pew, SDN’s manager of IT, what an employee should do if they suspect a computer is infected.
“First, get off the network,” Pew said. “Turn off the infected device and unplug it from the network. Do whatever is necessary to stop the malware from spreading to other files from a desktop or mobile device. Then, contact IT for help.”
After it’s contained and identified, work toward restoring encrypted files can begin. Hopefully, the data can be restored without having to pay the ransom.
The FBI urges businesses not to pay the ransom because it doesn’t guarantee an organization will get its data back or access to its files. It also emboldens the hacker to target others for profit. Instead, victims should report ransomware or any cybercrime to the Internet Crime Complaint Center or IC3 division of the FBI.
A good, layered cybersecurity strategy addresses the entire network and includes every person in an organization. But as the cyber landscape changes and attacks persist, Krebs says it's still far too easy for the bad guys to take advantage of vulnerable networks and there’s more to be done.
"Spies are going to spy. And so we have to make it harder. We have to detect it. We have to mitigate it as fast as possible."
You can find a Cybersecurity Resources Road Map and more information for your business on the CISA website.