The cybersecurity war just got a little more interesting, with maybe a couple of positives for the good guys.
I wrote several columns this year about the major hacking incidents; my recommendation in a ransomware cyber situation is never to pay the hackers.
My constant message is that everyone needs to ramp up cyber-defenses (including redundant backups). The government also needs to step up and hunt these hackers down has been part of this narrative. Finally, the Feds took a step in that direction this month; the news out of D.C. is that there will be rewards for handing cybercriminals to the authorities.
Will this be effective? Maybe. With some hackers, it will not, as there is an honor-among-thieves code in the subculture of hackers. But that will only go so far.
For every hacker not turning in their fellow criminal, there is one that is thinking, $200K to hand in Igor? Done.
Also of interest, the folks in Washington are considering sanctions against China for their (alleged) role in the Microsoft email attack (attacking on-premises exchange servers), which happened earlier in the year. This would also be a bold move since it is not just the Russians we have to contend with; the Chinese are also our adversaries in the international cyberwar.
Pivoting (a dumb word from 2020) from the international perspective to one of Florida.
Last week, I gave a presentation in Tallahassee on cybersecurity to the Associated Builders and Contractors. The stories from the audience were brutal.
One group never received the payment they were expecting; when they asked about it, the client said they got their “change of account” email and sent it to the new one.
There was no change of account; it was a fraud.
Another group said they got ransomware, and the full recovery took over three months.
These are the front lines of the war, and there are several reasons you don’t hear about these situations in the news. One example, the media obviously wants to cover big, high-profile situations, so those are the ones that get attention.
Another reason is no one wants to talk about being breached/attacked/hacked; it might make them look vulnerable or weak.
The bottom line? It can happen to anyone.
While I didn’t mention those companies in our meeting by name, I’m glad they shared their stories. It was powerful.
During the luncheon, we went over the basics; situations I’ve mentioned earlier: electronic funds fraud, phishing schemes and ransomware situations.
We also touched upon other examples of cybercrime, which are becoming more frequent.
Have you heard about someone finding a USB drive in the parking lot of their office, and then they take it inside and (WHAMO!) they get a virus? Or worse, they think the drive is blank, but, in fact, it had secretly installed keystroke tracking software on that PC just waiting for you to visit your bank’s website and steal your credentials.
This happens, and it’s usually to high-profile organizations — of which there is no shortage in Florida.
Then, of course, no cybersecurity is complete without the “gift card scam” section.
Why? Because people keep falling for it.
Imagine you’re a hacker working in an office overseas, and one person a day falls for this scam. Considering you make hundreds of attempts every day, you can be comfortable knowing your hacking job is safe.
Call center-like setups overseas engage in this type of thing full time, you know.
A similar model (but different approach) is the romance scam.
Envision living alone, especially in pandemic-y 2020, and getting a friend request on a social platform. Seems innocent enough. Your new friend asks you about your origami and those cool haikus you posted, and then after they groom you for a while (WHAMO!) they go for the con, asking for money to get to America from — insert country here — and need your help.
Yes, people fall for this too — all the time.
Needless to say, don’t send money to strangers overseas (or stateside, for that matter).
Big corporations will continue to make headlines, but hackers target and victimize small organizations all across Florida and the nation.
Ramp up your defenses, deploy redundant backups (expecting the worst-case scenario) and realize all communication tools (phone, web, email) can be a potential threat delivery system.
Then maybe, just maybe, Ivan will rat out Igor for being in a hacking gang, and the world will be a little safer.
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].