In mid-August, over the span of just a few days, 22 Texas towns were struck by a coordinated cyberattack called a ransomware attack. As a result, Texas Governor Greg Abbott ordered a Level 2 Escalated Response, meaning that the scope of the emergency had expanded beyond what could be handled by local responders.
Ransomware—a malicious software that spreads across networks and shuts down computers until a ransom is paid—is typically spread through phishing emails or by someone unknowingly visiting an infected website. A spate of attacks in recent months has put cybersecurity in the spotlight, and it is vitally important for both government entities and businesses to understand the dangers presented by ransomware.
“This no longer affects just a few people,” Huntington’s Cybersecurity Outreach Director Don Boian says. “It affects everybody.”
Beyond the considerable financial impact an attack can have, the long-term disruption of business operations and the damage to reputation that can result from such an attack can be substantial. For example, the RobinHood ransomware attack in May cost the city of Baltimore an estimated $10 million in recovery and $8 million in lost revenue.
And if a critical service such as 911 dispatch is affected, lives could be endangered.
“Cyber criminals can wreak havoc with everyone else,” says Boian. “And in today’s fast-paced global economy where consumer demand for new services is so high, organizations can roll things out before thinking about the potential ramifications.”
To help protect your organization from similar attacks, here are few things to consider:
Train Employees & Vendors
- Require that all employees take at least annual training on cybersecurity to equip them with the knowledge to identify and quarantine phishing and malicious emails, avoid clicking on suspicious links or attachments, and use strong passwords that are changed periodically.
- Review third-party connections and limit access to minimal essential functions. “Third-party risk is one of the toughest things, from a business perspective,” Boian says. “It is important that your outsourced service providers take security as seriously as your own company does. You have to be really selective about who you outsource to. Especially if you’re a school system or police department, make sure the people managing your data are trustworthy.”
- Keep all computer operating systems and applications up to date with relevant security patches.
- Back up all critical systems and data and, just as important, periodically verify the integrity of the backup and restoration process. “If you’re just writing stuff off to removable media and sending it off somewhere, you really need to validate the technology,” Boian says. “If you haven’t validated it, by the time you have a problem, you might realize it doesn’t function properly.”
- Ensure antivirus, malware protection, and email security software are in place, active and on current versions.
- Provide a layered defense for critical systems and data. “For instance, payment processing should be buried behind several layers of defense,” says Boian. “And don’t read emails or browse the internet from the same system that contains those functions.”
- Reduce or eliminate the use of vulnerable connection methods such as Server Message Block or Remote Desktop Protocol into your network. “WannaCry, a May 2017 worldwide cyberattack, spread because of a vulnerability in the Server Message Block protocol,” Boian says.
- Have cyber incident response plans in place, and don’t just put them on a shelf and forget about them; you need to periodically practice them. “How would you react to a malware outbreak on your network?” Boian says. “How would you isolate things? Who would you communicate with? What are the strategic vendors or forensic companies you would bring in? How would you communicate what happened with the public? The time of the crisis is not the time to be thinking about those things. Think about them now and document them.”
- Have an independent audit performed on your networks annually to include attack surface mapping and penetration testing. “I’ve seen some companies that are defensive and say, ‘No, we’re good, we’ve got this,’” Boian says. “Any cybersecurity person who says that is essentially saying, ‘We’re impenetrable.’ It’s nice to have somebody who is impartial look at your networks and say they are OK or give you a list of items to work on.”
- Consider purchasing cybersecurity insurance, but make sure you understand what the policy covers. “It’s like when you buy a home insurance policy and think you’re good, until you have water damage and find you didn’t have flood insurance,” he says. “It’s the same thing in the cybersecurity world. But there was a good example recently of a city in Florida, Riviera Beach, that understood what it was buying. When an attack occurred, it was covered and paid the $600,000 ransom out of its insurance policy.”
The rise in ransomware is part of an overall increase in destructive malware attacks worldwide. As a result, it is more important than ever to put practices that can help protect your organization to use.
And in the event of an attack, always involve law enforcement.
“I give Texas a lot of credit,” Boian says. “They mobilized as a state to help these government entities out. If you’re a member of something larger—a corporation with subsidiaries or a government—it is critical to have a plan in place in which everybody works together.”
Contact your Huntington relationship manager to discuss the cybersecurity best practices and Huntington products that can help you reduce your cybersecurity and fraud risks.