It is no news that when the pandemic hit, the workforce shifted toward remote and hybrid work. This sudden change, made without the necessary cybersecurity protocols, gave bad actors the upper hand: data breach attempts increased, ransomware and cyber extortion demands went through the roof, and social engineering scams increased via business email compromise and invoice manipulation with fraudulent fund transfers. Big cyberattacks on companies such as Colonial Pipeline, JBS Foods, Kaseya, and SolarWinds made the news. Besides these big companies, many small and medium companies were also hit with ransomware, social engineering attacks, and data breaches.
Every company, whether a one-person show or a small business, needs to be cautious and realize that all companies face cyberattack threats, not just the big enterprises that make the news. All it takes is one vulnerability for a hacker to be successful. Reflecting on your cyber posture and treating cybersecurity as a foundation is a MUST for any business.
The Federal Bureau of Investigation (FBI) has provided information to help organizations block hackers’ attempts to breach networks and asked victims to urgently report such incidents to their local FBI Cyber Squad.
The Federal Agency says, “The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office. By reporting any related information to FBI Cyber Squads, you are assisting in sharing information that allows the FBI to track malicious actors and coordinate with private industry and the United States Government to prevent future intrusions and attacks.”
FBI mitigation tips for businesses to guard and protect their valuable networks against ransomware attack attempts:
- Require all accounts with password logins (e.g., service accounts, admin accounts, and domain admin accounts) to have strong, unique passwords
- Require multi-factor authentication for all services to the extent possible
- Keep all operating systems and software up to date
- Remove unnecessary access to administrative shares
- Use a host-based firewall to only allow connections to administrative shares via server message block (SMB) from a limited set of administrator machines
- Enable protected files in the Windows Operating System to prevent unauthorized changes to critical files.
Admins can also hinder ransomware operators’ network discovery efforts by taking these measures:
- Segment networks to prevent the spread of ransomware
- Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network monitoring tool
- Implement time-based access for accounts set at the admin level and higher
- Disable command-line and scripting activities and permissions
- Maintain offline backups of data, and regularly maintain backup and restoration
- Ensure all backup data is encrypted, immutable, and covers the entire organization’s data infrastructure
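The tips on limiting administrative-share access to a small set of administrator machines and on investigating abnormal activity and traversal can be checked together against share-access logs. The following is an added example, not part of the FBI guidance: the management subnet, the fan-out threshold, the CSV column names, and the sample records are all constructed assumptions (the fields resemble what Windows Security event 5140, "A network share object was accessed", records).

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumptions (not from the FBI guidance): the management subnet and the
# number of distinct targets that counts as traversal.
ADMIN_NETS = [ipaddress.ip_network("10.0.50.0/28")]
FANOUT_THRESHOLD = 3

# Constructed sample records; column names are hypothetical.
SAMPLE_LOG = r"""time,target_host,source_ip,share
2024-01-10T09:00:01,FS01,10.0.50.4,\\*\ADMIN$
2024-01-10T09:02:13,FS01,10.0.20.17,\\*\C$
2024-01-10T09:02:15,FS02,10.0.20.17,\\*\ADMIN$
2024-01-10T09:02:16,DC01,10.0.20.17,\\*\ADMIN$
2024-01-10T09:02:19,FS01,10.0.20.17,\\*\ADMIN$
2024-01-10T09:05:40,FS01,10.0.20.33,\\*\Public
2024-01-10T09:07:02,FS02,10.0.30.8,\\*\C$
2024-01-10T09:09:55,FS02,10.0.20.33,\\*\IPC$
"""


def is_admin_share(share):
    """True for ADMIN$ and drive-letter shares such as C$ (IPC$ is not flagged)."""
    name = share.rsplit("\\", 1)[-1].upper()
    return name == "ADMIN$" or (len(name) == 2 and name[0].isalpha() and name[1] == "$")


def find_violations(log_text):
    """Map each non-admin source IP to the hosts whose admin shares it touched."""
    hosts_by_source = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["source_ip"])
        if not is_admin_share(row["share"]):
            continue
        if any(src in net for net in ADMIN_NETS):
            continue  # expected administrator workstation
        hosts_by_source[row["source_ip"]].add(row["target_host"])
    return {
        src: {"hosts": sorted(hosts), "traversal": len(hosts) >= FANOUT_THRESHOLD}
        for src, hosts in hosts_by_source.items()
    }


if __name__ == "__main__":
    for src, finding in find_violations(SAMPLE_LOG).items():
        label = "possible traversal" if finding["traversal"] else "policy violation"
        print(f"{src}: {label} -> {', '.join(finding['hosts'])}")
```

Any hit at all means the host-based firewall restriction is missing or misconfigured on the target; a source that reaches the threshold is the one to investigate first.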
The Federal Agency does not encourage giving in to ransom demands and advises companies against it, since paying is not guaranteed to protect the business from future attacks or data leaks. Furthermore, giving in to demands encourages continued illegal operations that target more victims. It also acts as an incentive for other cybercriminals to join in conducting cyber threat activities. The FBI acknowledges that companies may consider paying ransoms to protect shareholders, customers, or employees. The law enforcement agency strongly recommends reporting such incidents to a local FBI field office. Even after a ransom is paid, the FBI still urges victims to promptly report ransomware incidents, as this provides critical insight that allows law enforcement to prevent future attacks by tracking ransomware attackers and holding them accountable for their actions.
Cyber crime is the fastest growing crime in the world, and data is one of your most important assets. Ransomware and supply chain cyber attacks are on the rise. We have collectively had as much as 3 years of hacks happen in 3 months! This is quite alarming, and all businesses, including freelancers, contractors, and small businesses, need to take cybersecurity risks very seriously and prepare and plan as much as possible against a cyber attack or data breach. Have a Cyber Incident Response plan that includes cybersecurity insurance! Establishing a cyber readiness culture and responding effectively to cyber issues helps reduce risk, and response time is critical to minimizing the damage.
Cyber resiliency is an ever-evolving practice, a continuous and dynamic process for anyone using technology in today’s increasingly digital era!
Don’t wait, mitigate!