Hush - Digital Background

Exposing The Deep Dark Secret About Cyber Attacks

Randy Duxbury Cybersecurity

The Colonial Pipeline is a prime example of a recent high-profile cyber attack that we all heard about, but for every one we see in the news there are 20 to 30 big cases happening behind the scenes that we don’t hear about. The subject is taboo, a deep dark secret. People are embarrassed or scared to share with the public, so they try to keep it quiet.

Ransomware isn’t new, but it has been a hot topic lately with all the high-profile companies and organizations being hit with ransomware costing them millions of dollars and being reported heavily across the globe. What is Ransomware? As the name suggests, ransomware infects a computer, or computer network, holding it hostage until a ransom is paid. The added dangers of ransomware attacks are that the threat actors can release sensitive information if their demands are not met.

Most ransomware attacks come through your biggest weakness, your people. Social Engineering attempts through email with attachments or links posing as standard business correspondence (or an urgent request from your boss). If an unsuspecting employee clicks on the document or link, the ransomware starts spreading through their computer, and network, locking the user out and collecting potentially sensitive information. The cost of a ransomware attack is not limited to the ransom amount. To truly understand the cost of such an attack you need to consider how much you’ll lose because you cannot do business. The average shutdown from a ransomware attack is 16 days, can your business afford that?

The U.S. sees more than seven ransomware attacks every hour, turning what used to be a nuisance into a legitimate national security threat. It’s not just executives dealing with these types of cyber crimes anymore, normal people are feeling the effects as well. From gas shortages to missed days of school, and even delaying life-saving medical appointments. Long past are the days of putting blinders on and hoping for the best. We’ve heard from people speaking candidly that they would rather not know where their security holes are because then they’d have to fix them. This is a very short-sighted strategy (if you can even call that a strategy) because while you may need to shore up some security holes, those costs will pale in comparison to a full-blown cyber attack. While it’s hard to know for sure because many of these attacks are never reported to law enforcement, IBM estimates the average cost to a business from a data breach is $3.86 million. At that rate, it would take the average company 268 years to NOT see a return on their cyber security investment.

Imagine for a minute that you or your company fell victim to a ransomware attack, you end up paying the ransom to regain access to your network, and luckily the cyber criminals did not leak your sensitive information. How quickly would you invest in upgrading your cyber security? it would likely be your top priority to ensure you were not attacked again, right? The pandemic has increased the likelihood that this hypothetical scenario turns into a reality. The workforce turning mostly remote over the past year coupled with the way that hacking groups have reinvented the process with ransomware-as-a-service where hacking networks sell or lease their ransomware software to other criminal groups to utilize in their attacks. The affiliate groups then share their proceeds with the ransomware developers. Clearly, cyber attacks are not going away, in fact, they are only getting worse and more sophisticated. Let’s open a dialogue about your cyber security strategy, or all the “what-if” questions keeping you up at night. Click Here to schedule a Complimentary Cyber Security Checkup and Security Plan to ensure your company, your future, and your employees’ future is secure.