As you drive in to work at the data center in the morning your phone rings, and on the other end of the line is a severely panicked employee. You can tell they are having the worst day of their professional career, based on the sheer amount of cursing and heavy breathing you hear as they tell you what’s going on at work. After a few minutes, you suddenly realize that your work day too has just gone toes up and you begin hoping that the bottle of acetaminophen in your desk is full. What happened, you ask? A hacker has outsmarted your employees with a legitimate-looking email. One unfortunate link-click later, and your organization’s data is being held ransom. You’re another company in a long line of ransomware statistics.
The recent incidents with the City of Atlanta are a good example of this. An attack launched by a hacking crew named SamSam successfully took control of the Atlanta municipal network in March of this year. The hackers were asking a ransom of $51,000 in cryptocurrency (Bitcoin) in order to release the data that they were holding hostage. The hackers didn’t block out things like police and fire services, but they did restrict access to a tremendous amount of the data that the city needed for utility payments, court proceedings, and jail proceedings. Realistically there wasn’t anything preventing them from also taking control of the traffic light system, the water treatment plant, or the 911 system. Sound terrifying?
I can only imagine the cash flow implications of the utility payments not being made, and the courts being at a standstill during the almost two weeks the attack went on. In other cities or businesses, there may be unexpected overtime taken by employees helping to mitigate an incident like this one. That could create a steep financial burden, one that may cause the victim organization to use reserve money, or even take out a loan. What would you do? How would you react and mitigate? More importantly, what are you going to do to make sure you don’t become the next in a long line of organizations that have become ransomware statistics?
It’s imperative that all organizations have adequate information security protections, processes and procedures, and proper training for employees to reduce the likelihood of compromise. If you are suddenly studying the ceiling tiles or telling yourself in your bravest voice that “this won’t happen to us,” stop doing that. Realize that while no breach is 100% preventable, there are things that you can do so that your name doesn’t get added to the list of cities, counties, and businesses who have been taken hostage and had their data held ransom.
The best way to prevent this, or effectively mitigate it, is to work with security experts. They can help create an accurate view of your liabilities, design a plan to remediate them, and train your employees on how to avoid being the vector by which your environment is compromised. They can ultimately protect you from being one of these ransomware statistics. Find an organization who will walk with you each step of the way as you create and evolve your information security plan, and can stay on retainer to assist you moving forward. The absolute worst thing you can do right now is to deny that you are at risk, and go on about your business as if nothing could happen. That is tantamount to inviting attacks and giving control to a foreign attacker who makes their living owning your network and your data.
If you need help designing, implementing or improving your information security plan, call FRSecure today at 877-751-1902 or visit our site and find out how we can assist you. Also, follow FRSecure on Twitter and LinkedIn to stay up to date on news and trends in the information security world.