You roll into work on a Monday morning and learn your network has been infected with ransomware. The attackers have encrypted 100 percent of your data and demand a ransom paid in Bitcoin. You have less than 24 hours to make payment. What do you do? While this scenario may be hypothetical, the threat is all too real. You could just pay the ransom, but if you’ve never bought Bitcoin before, you will be surprised to know there is a three-day holding period once you transfer the U.S. dollars to Coinbase, the world’s largest Bitcoin exchange. If the attacker allows you to extend the period, you will find that a the ransom, but if you’ve never bought Bitcoin before, you will be surprised to know there is a three-day holding period once you transfer the U.S. dollars to Coinbase, the world’s largest Bitcoin exchange. If the attacker allows you to extend the period, you will find that a transfer of Bitcoin can take another three days. Can your business survive without access to your accounting system, payroll, accounts receivable, accounts payable, project files, scheduling, operations database, sales information and possibly email for an entire week? Do you have another plan in the event that you pay the ransom and they don’t give you the entire encryption key? (It occurs frequently.) You may be saying to yourself, “It won’t happen to us,” but many people have damaged their businesses and their firms’ reputation with this erroneous belief. Sure, an attack on your network may not be deadly, but you should consider these threats “black swan” events that can cause existential events.
So, how do you protect yourself? The reality is your network, your email and every digital device you have can be attacked at any time. Perhaps we get comfortable believing our company is too small or no one would want our data, but the reality is the malware and ransomware industry generates billions of dollars annually worldwide, and the smaller you are, the less sophisticated your security and disaster recovery will be. Many people imagine some nerdy hacker sitting in a dark room surrounded by monitors with empty bags of potato chips and half-consumed bottles of soda as the attacker manually tries to penetrate your network, guess your password or exploit a known vulnerability that your systems have not been proactively updated to eliminate.
Unfortunately, these attacks are carried out by global criminal organizations that are as well funded as drug cartels. They use ever-changing methods and rely upon your comfort, procrastination and ignorance regarding the sophistication of the attacks so you don’t take proactive action.
Here are the steps you should take to protect yourself: Your organization must have backups, business continuity and disaster recovery. These three terms are sometimes used synonymously, but they are very different. A backup is simply a copy of the data, and you may have more than one copy going back hours or even years, but you can’t operate from data alone. You must have the underlying operating system, databases and applications. Business continuity is a network design that assumes one or more failures will inevitably occur. Business continuity is a continuously updated and tested process with active systems that allow your business to restore to the last good backup to keep your business running. A business continuity system doesn’t need to have 100 percent of the performance of the primary system, but it will need to have 100 percent of the data, applications and security, and provide ongoing backups to keep your firm operating because you will be adding new data to it.
Finally, you need an offsite disaster recovery system that is physically and geographically separate from your primary systems. Understand the cloud is wherever your data exists, and you should have a disaster recovery copy of your data that is not in your primary cloud. The reality is 100-percent network security can only exist if users have no internal or external access to the data or the systems, but computers are worthless without access to the data. Have a plan and test it just like you prepare for safety training at your place of business or within a plant.
Next issue, I will review a layered security approach to thwart various types of attacks.
For more information, visit www.omnipotech.com or call (281) 768-4308.