In early 2021, a water treatment facility in Oldsmar, Florida was hit by a cyber-attack. The hacker infiltrated its computer systems and changed settings, raising the volume of sodium hydroxide slated to enter the water supply to an excessive amount. A single vigilant employee caught the issue before it could do damage.
With all the knowledge and information available today to thwart cyber threats, why does this keep happening to fundamental human lifelines like utilities, healthcare, finance and business?
Is the adoption of new technologies not keeping pace with advanced threats? Are poor access controls, legacy systems, remote access, ransomware and insider threats to blame? Or are businesses just understaffed, under-resourced, and plain overwhelmed by what digital acceleration means for them right now and in the future? The answer for most is likely D: all of the above.
The Age of Acceleration
The events shaping the past couple of years could easily define the time period as “The Age of Disruption”, with the Covid-19 pandemic flipping everything about how businesses and communities engage on its head. But one theme that is consistent throughout is acceleration. We are all reimagining, transforming, adopting, adapting and repositioning in some way to engage and connect with others in new and different ways. And if you (a corporation, small business owner, hardworking citizen, or contributing member of society) are doing that, unfortunately, so are cyber criminals.
You probably don’t typically spend a great deal of time thinking like a hacker. But, under the circumstances, it might be a helpful exercise to do so. What circumstances, you ask? For one, what does disruption or accelerated change mean to a hacker? Again, unfortunately, not much. Stealthy cyber criminals operate flexibly to be in position to exploit windows of opportunity. You probably see where this is going. Not only are we not on an even playing field, but we also don’t have the advantage. Cyber criminals are capitalizing on the transition to remote work, the scramble for businesses to adopt new operating models, and the vulnerability of unsecured or under-secured legacy systems, and there’s more to come.
Digital Accelerants
There’s more pressure than ever before to protect networks as the channel for conducting business in today’s global marketplace. Protecting the network from threats and vulnerabilities can be daunting under normal circumstances, but there are currently several technology disruptors driving digital acceleration that will impact the future of networks. These include AI, machine learning, Big Data and analytics, and 5G. Some are new, some are not, but all are interdependent and add complexity to existing IT systems.
“While digital technologies have been developing for many years, in the last decade their cumulative impacts have become so deep, wide-ranging and fast-changing as to herald the dawn of a new age. The cost of massive computing power has fallen. Billions of people and devices have come online. Digital content now crosses borders in vast volumes, with constant shifts in what is produced and how and where it is used.”—Digital Cooperation Report for the Web
The Evolution of Ransomware
Ransomware looks unassuming. It works through files in a slow-moving progression, cutting off users’ access by restricting files, system-level access, or both. In 2020, research showed a 7-fold increase in ransomware attacks compared to 2019. That might be less concerning if ransomware hadn’t also evolved. The ransomware families that were popular in 2019 are no longer as popular now. New ransomware families dominate the scene, and they no longer target individuals, but companies.
Ransomware can spread in many varied ways today. The breadth of damage that can be done via an attack on mobile devices, Wi-Fi networks, cloud storage, external hard drives, unpatched operating systems, and backups (yes, even your backups can be hacked) might surprise you. Ransomware can reside in a variety of applications, ranging from Skype to the Google Play Store, and gain entry to systems through suspicious emails and fake desktop updates. Once downloaded, malware can hide in modified Windows registry keys, temporary folders, Microsoft Word files and elsewhere. It can even encrypt already-encrypted files at the device and file levels and hold them hostage for ransom, hence the name.
Ransomware begins simply enough, but like a slow-growing cancer, the infection in your network metastasizes and goes on to affect your customers, service providers, and utilities, all the way down to employees. So, how do you protect critical information assets traveling across your network?
Don’t Open the Door
Just as employee security awareness training helps close the door on social engineering and phishing attacks, application execution control closes the door on unknown threats, like ransomware and malware, while permission settings “allow” only trusted software to run within the IT infrastructure. Application allow-listing (formerly known as whitelisting) solutions, such as those offered by cybersecurity leader ThreatLocker, simplify deployment with semi-automated options that ease the burden of manually building an allow-list.
The Era of Managing Everything In-House Is Over (at least, for now)
Ransomware is on the rise because it’s underestimated and easy to deploy to vulnerable targets. During a time of unprecedented technological acceleration and economic and societal change, companies don’t have to be unwitting victims.
Right now, while cyber enemies are on the increase, cybersecurity roles are the hardest to fill. There’s something really wrong with that order that will, hopefully, resolve itself over the course of time. But you don’t have to wait until then to get the technical help you need. Whether you have an IT resource, an internal team, or no cybersecurity support at all, the MSP Path Forward IT can be the security partner who helps you confidently establish and implement your allow-listing strategy.
A few other ways Path Forward IT can support you and keep your network safe include:
- Administer security awareness training to your employees, including mock phishing attacks
- Conduct an audit to review your protection, hardware, and security configurations
- Collaborate on policy development, ensuring compliance with HIPAA, NIST, and other industry regulations
- Assure your network security through managed cloud services, including proactive 24/7/365 monitoring, updates, and patching, as well as immediate response in the event of a security breach
To learn more, request a consultation with Path Forward IT.