DENVER: Cyber attacks have been part of the news cycle for the past few weeks, with JBS USA, the world’s largest meat processing company, being the latest target of these criminals.
These types of attacks don’t just happen to large companies; those are simply the only ones that make headlines, according to Scott Warner, president of Connecting Point, a subcontracted managed IT services company that provides services to small and medium-sized businesses in Colorado and Wyoming.
Denver7 spoke with Warner about the recent wave of cyberattacks and what companies and individuals can do to better protect themselves from cybercriminals. Note: This interview has been edited for brevity and clarity.
Q: What about these cyberattacks on fuel pipes and meat processing facilities?
A: Well, I think what people see is just a proliferation, on a large scale, of what is happening on a small scale. Notoriety and the press focus on higher taxes, but Small Business USA is actually a much larger tax service. So people should know that cybercrime is a three million dollar annual revenue industry, so there is a lot of dollars and therefore a lot of activity in all verticals and in all shapes and sizes.
Q: So you don’t hear much about little guys, but they attack them too.
A: If we really think about it, the work that a large organization or company does for IT security and the money that goes into it is much more than what a small business should do to address cybersecurity. Therefore, there are more entities to attack with less focus and protection around cybersecurity. So, if you think about it, a great organization can still commit; how easily does a small organization engage as attacks become more elegant and complex? … And dollars are part of the solution, but education, awareness and training are more than half the battle, right? At the end of the day, you need to have the least common denominator as the individual, and therefore if the individual does not understand their role, this is the weakest point of attack.
Q: For most companies – I guess they are small or large – it’s not a question of whether, but when.
A: There’s an excellent term that I think most business leaders and owners should adopt, which is a “supposed breach,” which is the kind of lens you need to see, not if, but when. Cybercrime is constant and evolving, so I think if we see our responsibility to mitigate the risks and understand how to temper the carnage, we already know, when it happens, and get out in as good a situation as possible, it has already done so. your job to mitigate this risk of default.
There are a handful of common things that need to be adopted and implemented more broadly, but things like: make good password hygiene, make sure networks are constantly updated and protected, endpoints are protected and ensure that two-factor authentication is enabled for remote access and critical logins, protecting email and ensuring that when people send and receive emails, which is where most of the damage really occurs with this email, and then, once again, train your people to understand that they are the weakest link and how to identify problems.
We can forget the amount of username and password leaks we’ve already had with big platforms like, you know, Facebook and LinkedIn and some of those big, big platforms where credentials have already been compromised. Hygiene is important. But it is … it is a multitude of organizations and individuals that are really executing these credential acquisition efforts. It is therefore an important monetary industry and therefore we must be prepared to enforce this same kind of effort. Otherwise, you will always be chased.
Q: Describe the ransomware. Should companies ever pay? I’ve heard companies do it.
A: Therefore, organizations have problems when background data protection policies and procedures are not complied with so that the data is protected and the inability to restore it. Once data is lost, they have control, but the practice and procedure to protect the data is one of the most important things a company can do.
If done right, an organization should not have to pay any ransom to recover its data; we should be able to recover these records without paying ransom. You don’t want to have to pay ransom. If you have to pay a ransom, negotiate with someone with very little long-term understanding of what will happen to your data.
Believe it or not, there are some trust issues in the world of cybercrime. Actually, they’re pretty reliable because, if they lose confidence, that … I’m going to, you know, that someone will pay me the ransom “and I don’t get their data back” … There’s this very strange code of ethics that they have to perform, but you don’t want to get there and there are many ways to prevent you from getting there.
Normally, when a company has to pay a ransom, it is because, somewhere in its process, it was unable to protect its background data, to the extent that it should have or could have them and therefore, your data was compromised beyond your recovery, which, again, you shouldn’t get to. But sometimes the worst case scenario happens when an organization has to learn the lesson in the hardest way and paying the ransom is the only way out. The hardest thing for users is to navigate a path of greater endurance, right? Therefore, the easiest – and this is the one based on a type of cybercrime – is the path of least resistance for a user and the path of least resistance for someone who implements an act of cybercrime. Therefore, password hygiene is really important and is part of the basic component of a kind of healthy cybersecurity practice, password hygiene.
Q: I’ve seen something recently that says that all these Facebook contests that are shared around here are actually just trying to get answers to your password questions.
A: Absolutely, yes. So there are a lot of interesting tricks that are used to capture information and credentials that are sold and used to attack. Another interesting thing is that many companies have their email addresses on their websites. This is an easy way for someone to say, “I know the CEO, I know their email address, and I know how I can fake their email.” And that’s easy for someone, so it’s also important to be aware of that kind of thing.
(But not all Facebook contests try to get your information), but there are definitely some fake contests you should keep in mind. Never fill out these contests.
One of the things that has become increasingly important for small businesses is acquiring cybersecurity insurance. One thing to keep in mind is that as organizations try to acquire cyber policies, they are … subscribers are increasingly aggressive in requiring cybersecurity services and best practices for obtaining a cyber policy, which will be a trend for small businesses. They will have to reinforce their cyber practices even to be insured with cybersecurity.
And if you look at some large organizations, if they want to engage in business with a larger organization or with an entity or make an offer for a job, they have to prove that they have cyber insurance. But this is no longer easy to acquire.