12 minute read
A Boston-based FBI analyst and Rhode Island experts discussed the range and growth of ransomware and phishing attacks, spurred on by the pandemic
Companies at a loss to handle ransom threats
BY MARY LHOWE | Contributing Writer
Advertisement
INTERNATIONAL CYBERCRIME IS RISING dramatically, driven by sophisticated operatives holed up in places such as Russia and North Korea who use advanced technology and even psychological tricks to penetrate computer systems, and then steal, lock up or even disseminate private data of all kinds.
Criminals are targeting businesses large and small, along with municipalities and colleges, with tools such as ransomware, in which an institution’s computers are entered and locked until a ransom is paid, and phishing, when an innocuous-looking incoming email, for instance, can release an invasive virus into a computer system.
Discussion at the Cybersecurity Summit co-hosted virtually on Oct. 7 by Providence Business News and Tech Collective verged on the ominous tone of a John le Carré novel as a Boston-based FBI analyst and Rhode Island experts described the range and growth of cybercrime, spurred on by the COVID-19 pandemic.
Tom Doyle, a cyber analyst in the Boston office of the FBI and the summit’s keynote speaker, referred to an Oct. 1 advisory from the U.S. Department of the Treasury that indicates the department may look to sanction Americans who pay ransom or facilitate ransom payments to nations and individuals designated by the federal government as special threats.
Panelists urged listeners to protect their computer systems early, a project that has become more fraught as workers scatter to their home offices during quarantine, thereby exposing the entire business’s cyber footprint to weak protections and careless practices at homes.
Buying cyber insurance is on the way to becoming a normal cost of business, said panelists in one of three breakout sessions that followed the keynote speech. In the wake of a cybercrime, insurance companies’ cyber panels handle a myriad of urgent tasks: detection, forensics, legal matters, public relations, and notification of customers and law enforcement.
Doyle, whose FBI office also covers Rhode Island, said cyberattacks increased by 94% in the Boston area and 81% in Rhode Island in the first half of 2020 compared with the same period in 2019.
Doyle said ransomware attacks increased by 250% in the Boston area in the fiscal year ending September 2020.
After Doyle’s talk, three breakout panels tackled aspects of the cybersecurity challenge. The first panel examined a recent cyberattack and discussed
SPONSORED CONTENT BY COX BUSINESS TOM DOYLE, FBI cyber analyst
7 Tips When Migrating Your Business to the Cloud
Did you know that most employees are responsible for remembering as many as 80 passwords used to authentic to network and system resources?* How do you ensure they are secure and more importantly, what happens when users leave the company or are terminated? Are you 100% certain that those authenticating to your network resources are really who they say they are? With Identity as a Service (IDaaS) from Cox Business Cloud Solutions the answer is simple! Our managed identity solution securely consolidates all identities and access management into one place, allowing you to secure your network and add/remove users with ease.
Migrating to the cloud is one of the most powerful things your business can use do to increase your flexibility, resilience, and efficiency.
Here are seven key steps you need to take to migrate your business to the cloud.
1. Understand the Business Needs That Drive a Migration to the Cloud
Before we talk about what you need to do, an excellent place to start is understanding why you need to make a move in the first place. That means looking at what parts of your business stand to gain the most from moving to the cloud.
This is, of course, entirely dependent on what industry you’re in. An excellent place to start is to follow the data. What information do you have, how do you access it, and where is it stored? The usual suspects for migrating to the cloud include marketing (email lists, segmentation, targeted offers), HR (payroll, benefits), finance (invoicing, finance, and customer service interactions), but there are many more. Take a thorough look at your business processes and data on hand to find the best solution.
2. Start with a SWOT Analysis
One of the best, most organized ways of taking stock of where you are is to perform a Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis. This gives you a solid basis for understanding where you need to improve and what migrating to the cloud can do for your business.
3. Identify Which Applications to Migrate
The main point of SWOT analysis is to narrow your focus and identify which applications to migrate. Now, you should have a good idea of why you’re moving to the cloud, so it’s just a question of priorities.
4. Look at the Numbers
Once you have your priorities, it’s a good idea to look at the numbers of what it will cost to migrate your business to the cloud. By now, you know what you want to do and how you stand to benefit from it, so the obvious course of action is to determine the cost. 5. Choose the Right Cloud Partner
Choosing the right cloud partner comes down to a combination of your needs and your budget. You want to find someone who has experience working in a similar area or industry and understands the needs and nuances of your business. Cox Business Cloud Solutions powered by RapidScale technology, for example, is one such company and assists clients with a comprehensive cloud roadmap that makes migration simple.
6. Plan Your Migration
When it comes to transitioning key business processes to the cloud, your number one priority should be to minimize disruption time for your team. Take a close look at your schedule and figure out how to best time your transition. Determine the order of migration and set some deadlines and metrics to define success.
7. Actively Monitor How It’s Going
As you make your transition to the cloud, make sure you’re actively monitoring how it’s going. Be ready to address any issues as they come up.
The full article originally appeared on CoxBLUE.com To learn more visit: coxbusiness.com
220_CB_PBN7tips.indd 1 Attend this webinar to learn about ways to ensure your business
is ready for the inevitable downtime event and recovers quickly. Wednesday, October 21 | 1:30 – 2:15pm EST To register, go to https://bit.ly/377JkAH
2/11/20 9:31 AM
best practices for businesses to reduce damage and recover. Panelists were Jeffrey Ziplow, a partner at Blum, Shapiro & Co. P.C.; Cindy Lepore, vice president of Marsh & McLennan Agency LLC.; and Linn F. Freedman, chair of the data privacy and cybersecurity team at Robinson & Cole LLP.
Another breakout session took a closer look at Tech Collective’s “Rhode to Resilience” security program for small businesses. Panelists were Eric M. Shorr, president of Secure Future Tech Solutions, and Douglas Tondreau, from the Digital Forensics Center at the University of Rhode Island.
A third session examined technical methods for controlling the spread of ransomware. On that panel were David Sun, digital forensics and security partner at blumshapiro, and O’Shea Bowens, founder and CEO of Null Hat Security LLC.
Kim Casci Palangio, assistant vice president of victim services for the Cybercrime Support Network, gave the closing remarks.
Doyle said the Northeast is a target of high interest to cybercriminals because of its wealth of research and medical facilities. Some cybercriminals are state actors, but most are individuals operating on the model of organized crime. He and others said the crime of ransomware has evolved into a “double extortion” in the past year or so because bad actors infiltrate systems, lock up data by encrypting it, and, in a newer twist, also threaten to publish the data on the internet if the victim fails to pay the ransom.
“They are getting entire network penetration, with a great impact on victims,” Doyle said. “They are going on to systems, capturing passwords, capturing data, then getting ready to do more damage later.” He said he knows of victims who have paid more than $1 million and up to $2 million to retrieve their data.
Asked if businesses should pay ransom, Doyle said the official position of the government is “no,” but he added, “It’s a business decision.”
Doyle introduced an advisory published Oct. 1 by the U.S. Department of the Treasury titled “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The advisory denounced the practice of paying ransom, saying this “may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims.”
The advisory said Americans may not pay ransom to certain parties designated as threats by the government. “Under the authority of the International Emergency Economic Powers Act or the Trading with the Enemy Act, U.S. persons are generally prohibited from engaging in trans-
BEST PRACTICES: Panelists Jeffrey Ziplow, a partner at Blum, Shapiro & Co. P.C.; Cindy Lepore, vice president of Marsh & McLennan Agency LLC.; and Linn F. Freedman, chair of the data privacy and cybersecurity team at Robinson & Cole LLP, discuss the challenges of responding to a ransomware attack during the Cybersecurity Summit on Oct. 7. PBN Editor Michael Mello moderated the discussion.
This is just not true. Hackers look for low hanging fruit like a small-to-medium-size business with little or no security.
Our Team of Experts Offer: Cyber Security Managed Services BackUp & Disaster Recovery Email Encryption Cloud Computing Computer Repair
TECH SOLUTIONS
Proactive Today for a Brighter Tomorrow
actions, directly or indirectly, with individuals or entities … on OFAC’s [Office of Foreign Assets Control] Specially Designated Nationals and Blocked Persons List.”
Doyle was succinct: “If you are paying ransom to sanctioned companies, you may be in trouble.”
Panelist Linn F. Freedman later concurred, “We may be subject to fines and penalties … for paying foreign adversaries a ransom.” She added, “We are going to see a whole different scenario about paying ransom in the future.”
The Treasury advisory encouraged cybercrime victims to reach out quickly to law enforcement.
Doyle also encouraged victims to contact the Boston FBI office, which estimates that it receives information about only 25% of cyberattacks in the region. “It takes years to figure this out. Reach out to us; we are making progress; we are making arrests,” he said.
Offering reassurance, Doyle added, “We don’t want your data. We want to look for indicators [of crimes]. If you are a victim, we treat you like a victim.”
Without giving names, Doyle alluded to some cybercrime cases he has worked on, but one breakout panel discussed a well-publicized break-in this year at Blackbaud Inc., a global provider of financial and fundraising technology to nonprofits.
Freedman reviewed the incident, in which hackers entered the Blackbaud system and stole a subset of the company’s data. The company discovered the breach in May and began to notify customers in July. Freedman said the hackers “probably threatened to leak the data into the internet.” Blackbaud paid the ransom. Freedman said she “would not be surprised” if the amount were in the seven figures.
Among the many difficult cleanup problems for Blackbaud was to notify customers whose data may have been exposed.
Asked if cyber insurance could help with costs of a major hack, Freedman said, “In many instances, insurance will cover payment of ransom. Insurance is key here. Some companies don’t have insurance, so all of this would be out of pocket.”
Lepore, of Marsh & McLennan, called cyber insurance “relatively affordable,” but also noted that losses to Blackbaud not covered by insurance include things such as legal liability, brand identification and decreased revenue.
She described many of the aspects and difficulties of reporting and managing a cyber breach. “Organizations need to be prepared,” Lepore said. “Even if a partner has a cyber event, it will ripple through the organization.”
Freedman added, “The statistics of small business coming out of a ransomware incident are very bleak.”
Statistics from the Boston FBI office and the U.S. Treasury Department show that the pandemic and quarantine have turbocharged cybercrimes.
“It has been bubbling up,” said Ziplow, from blumshapiro. “The FBI saw the same number of attacks in the first five months of 2020 as in all of 2019.” He said two major effects of the pandemic are fueling the trend.
First, the federal stimulus money paid out to individuals and businesses in spring 2020 sent a lot of cash washing through the economy, and cybercriminals ramped up to grab some of it.
Also, Ziplow said, having people working from their homes “has increased the attack surface. In the past, we just had to protect the office and its perimeter. Now we have an increased number of offices,” that is, employees working remotely.
Home protections mean locking computers, and changing passwords, including the passwords for routers.
As always, computer users need to arm themselves against sneaky phishing maneuvers, in which criminals pose as a legitimate contact, such as a person from a company’s own information technology department. Opening the email can release a virus into the system.
Emails from cybercriminals “look and smell just like an email from a co-worker or a CEO,” Ziplow said.
Lepore added, “People are getting a lot of text messages with links. It is easy to be going through text messages quickly and to click on a link.”
Said Ziplow: “Stop, think, then click.” n
LINN F. FREEDMAN, Robinson & Cole LLP data privacy and cybersecurity team chair
SUMMIT
in partnership with:
Wednesday, October 7
THANK YOU TO OUR SPONSORS
PRESENTING SPONSOR
PARTNER SPONSORS Practitioner Session: Moderated by Doug White – Chair, Cybersecurity and networking, Roger Williams University with Panelists David Sun, Digital Forensics & Security Partner, blumshapiro and O’Shea Bowens – Founder & CEO, Null Hat Security
Closing Remarks provided by : Kim Casci Palangio, AVP, Victim Services Program, Cybercrime Support Network.
