A slew of high-profile companies have recently fallen victim to cybercrime, including America’s Colonial Pipeline, EA Games, McDonald’s, and the world’s largest meat supplier JBS. The majority of these have involved ransomware attacks, in which hackers steal data or threaten to delete files if a fee is not paid – usually in cryptocurrency. JBS paid out $11 million in ransom, while Colonial Pipeline paid Russian hacker group Darkside $4.4 million. In a recent Senate hearing, Colonial Pipeline’s CEO Joseph Blount described the decision to pay the hackers as the hardest one in his 39-year career. Even if the criminals are paid, there is no guarantee that compromised information will not still be circulating on the dark web, or that stolen code will not be used to create exploits in the future. With so many attacks in such a short period, the question must be asked: why now? And what can companies do to secure themselves?
The upturn in cybercrime against corporations mirrors the general spike in cybercrime targeting consumers. As more people than ever are now making use of online shopping and e-commerce solutions, the potential for cybercrime has grown in tandem. Action Fraud reported that 15,000 accounts had been compromised between March 2020 and March 2021, and the City of London police stated that coronavirus-related fraud has cost £34.5 million. Attacks can be as simple as phishing texts and e-mails spoofing existing companies, or can involve sophisticated backdoor exploits targeting software and hardware vulnerabilities. In the case of Colonial Pipeline, the whole attack hinged on one password which had been compromised and sold on the dark web. The oldest cybersecurity advice, to always change your passwords, proved to still be applicable in this instance.
Beyond changing your passwords, there are a host of ways companies can protect themselves, including the increasing adoption of two-factor authentication, centralised and specialised password vaults, and employee security training. Undoubtedly the high-profile nature of recent attacks will prompt businesses across the globe to review their security protocols and make use of the services of ethical hackers, who will find vulnerabilities in systems and test employee compliance with security procedures. The head of Britain’s National Cyber Security Centre, Lindy Cameron, has already warned that ransomware attacks are the primary cyber threat facing the UK, citing not only recent ransomware attacks, but also the 2017 attack on the NHS which brought the organisation to a standstill for days.
While ransomware attacks are dominating the headlines, with other forms of cybercrime it is not always immediately apparent that a data breach has happened. McDonald’s did not discover that it had been a victim of a data breach until it hired an external consultant to investigate unusual activity on an internal security network, which revealed customer data in Taiwan and South Korea had been exposed, and employee and franchisee information had been taken across the network. If a titan of industry such as McDonald’s appears to be struggling to keep its cybersecurity tight, this sets a worrying precedent for smaller firms with fewer resources available to tackle the issue. One solution has been companies turning to cybercrime insurance to pay out in the event of an attack. It was widely reported that Colonial Pipeline has such a policy in place, with $15 million in coverage. In this case, holding the relevant insurance may pay dividends, but with the growing threat of cyberattacks, premiums are likely to increase.
It is not only up to businesses to protect themselves from cybercrime; it is also for government to provide a comprehensive response. The recent ransomware attacks which crippled US infrastructure and caused petrol prices to soar emanated from Russia, with President Biden laying responsibility with the Putin government. President Biden has in response signed an executive order promising to beef up US cyber security in the wake of the recent attacks. It aims to set out a standardised governmental response to cyberattacks, compel internet service providers to turn over information relating to cyberattacks, and establish a Cybersecurity Review Board. Governmental agencies will also play a part in the response, as demonstrated by the FBI managing to recover most of the ransom which Colonial Pipeline paid to the hackers by tracing the Bitcoin trail. Such high-profile illicit uses of cryptocurrency may also form the basis for future regulation, cracking down on the means by which criminals are paid.
In the end, the best defence for your business is vigilance. Many of the principles that guarded businesses against older forms of crime such as credit card fraud still apply. Train employees, have clearly defined security procedures in place, keep software up to date, and in the worst-case scenario make sure you are covered. Cybercrime, whether ransomware or other forms of attack, is here to stay, and businesses must adapt to protect themselves against the threat.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.