May has seemingly stolen October’s designation as Cyber Security Awareness Month as two crippling cyberattacks have placed cybersecurity in the spotlight once again.
The first major attack happened on May 7, when a ransomware attack on Colonial Pipeline forced the company to shut down its operations and IT systems, creating a fuel shortage in the southeastern United States.
Only after reportedly paying nearly $5 million to the ransomware group responsible for the attack was Colonial Pipeline able to regain access to its files and systems.
The second attack occurred a week later, on May 14, this time on the other side of the Atlantic, with Ireland’s health service operator as the victim. The reportedly “significant” ransomware attack forced the organization to shut down its IT systems, which in turn led to disruptions in diagnostic services, COVID-19 testing and hospital systems. (https://www.reuters.com/technology/irish-health-service-hit-by-ransomware-attack-vaccine-rollout-unaffected-2021-05-14/)
According to the Reuters article, Irish officials reportedly said they will not pay any ransom and that it will likely take “some days” to gradually reopen the network and services.
Ransomware attacks: What are they?
Ransomware attacks typically occur when malicious software finds its way into an organization's network. More often than not, a user clicking on a link or opening an attachment is the catalyst for an attack. Once on the network, the software encrypts and locks files, forcing users or corporations to pay a “ransom” to unlock these files.
Such attacks are costly not only because of the ransoms but also because of the downtime they inflict on affected organizations, their clients and related systems, and because of potential fines for HIPAA non-compliance, especially for organizations handling medical information.
Increased cybersecurity risk in the wake of the pandemic
Sadly, these and other kinds of cyber-attacks are becoming more sophisticated and increasingly prevalent. And thanks to COVID-19 and the rapid move by many organizations toward remote working, cybersecurity risks have only increased.
Why is remote working such a risk? Traditional networks typically set up their defense by limiting potential targets, requiring users to access work networks either from within the protective walls of the network or, if the worker is remote, through a VPN. Where this system fails is that it assumes the user is to be trusted when in fact the user is, in many cases, the weakest link in network security.
With this kind of traditional security, one click by a network user on a malicious link, whether from within the office or remotely, and the whole network system is compromised — especially as bad actors, once behind the defenses, will often be able to move laterally through many systems.
Further, according to one study in 2020, only 53 percent of workers reported using a VPN when accessing their employer’s systems from home, exposing these networks to even greater risk — not even mentioning the security of the remote internet access points they used or if they used ever-vulnerable personal devices for gaining network access.
What To Do: 4 Defensive solutions against cyber attacks
This is why organizations today must shift away from perimeter-based, traditional network security to employ user-specific, zero trust defense architectures coupled with a robust back-up and recovery system to ensure minimal vulnerabilities, even down to the user level — the goal being ultimately to minimize the chance for infection and to ensure minimal downtime and damage if a breach occurs.
How does one do this?
Many managed network services (MNS) providers now offer a suite of solutions that together provide the protection needed in the face of today’s ever-increasing and increasingly sophisticated cyber-attacks.
Here are some of those solutions:
Software Defined Perimeter (SDP)
This new solution replaces VPNs to provide protected, user-specific and monitored access for network users to access cloud-based environments, applications and services, all in a way that is flexible and easily scalable.
Endpoint Detection and Response (EDR) Solutions
EDR software replaces traditional anti-virus by monitoring and analyzing activity to assess whether it is malicious. If any activity appears suspicious and is deemed to be a threat, the EDR software identifies and removes the offending malware while notifying network administrators.
This allows network security teams to rapidly identify and respond to threats, limiting any resulting damage and downtime.
Cloud-based email systems offer filtering solutions that work off an organization’s active directory coupled with AI to monitor users’ behavior and activities and to detect anomalies or anything indicative of malicious or unusual activity. For example, emails sent by associates at 3 a.m. requesting wire transfers would be flagged, not sent out and quarantined, and a notification would be sent to network administrators.
Backup and Disaster Recovery (BDR) System
The purpose of a BDR system is to automatically back up your data to an onsite appliance and to the cloud. With a properly configured BDR system in place, an organization hit by a ransomware attack is more likely to avoid downtime and costs because the BDR allows them to simply restore from a backup in a temporary virtual environment and then resume working there until the infected production environment can be scrubbed and restored. Also, some BDR systems feature a ransomware scanning option that, once turned on, looks for suspicious activity indicating that files are being encrypted. Once it detects such activity, this utility alerts network administrators so they can stop the process before it gets too far. This is a handy ability, as organizations infected by ransomware often don’t know until some days later.
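To make the ransomware scanning idea concrete, here is an added example (not taken from any BDR product) that compares two successive backup snapshots and alerts when many previously readable files have turned into high-entropy data. The entropy threshold, the alert ratio and the sample snapshots are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, roughly 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path, old, current, threshold):
    if shannon_entropy(old) >= threshold:
        return False  # already compressed (zip, jpg...): entropy proves nothing
    new = current.get(path)
    if new is not None:  # file overwritten in place
        return new != old and shannon_entropy(new) >= threshold
    # Original gone: look for a high-entropy copy with an appended extension.
    return any(p.startswith(path + ".") and shannon_entropy(d) >= threshold
               for p, d in current.items())

def scan_backup_delta(previous, current, threshold=7.5, alert_ratio=0.25):
    """previous/current map path -> file bytes for two successive backups."""
    hits = sorted(p for p, old in previous.items()
                  if looks_encrypted(p, old, current, threshold))
    ratio = len(hits) / len(previous) if previous else 0.0
    return {"suspicious": hits, "ratio": ratio, "alert": ratio >= alert_ratio}

def _noise(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32))
    return b"".join(blocks)

# Constructed snapshots: two documents get encrypted, one is edited normally.
TEXT = b"Invoice 1001: total due 250.00 USD\n" * 50
PREVIOUS = {"docs/a.txt": TEXT, "docs/b.txt": TEXT, "docs/c.csv": TEXT,
            "img/photo.jpg": _noise(b"jpg")}
CURRENT = {"docs/a.txt": _noise(b"a"), "docs/b.txt.locked": _noise(b"b"),
           "docs/c.csv": TEXT + b"Invoice 1002: total due 90.00 USD\n",
           "img/photo.jpg": PREVIOUS["img/photo.jpg"]}

if __name__ == "__main__":
    print(scan_backup_delta(PREVIOUS, CURRENT))
```

Files that were already high-entropy in the earlier snapshot are skipped on purpose, since compressed formats would otherwise trigger false alerts on every backup.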
So, while cyber-attacks have become more sophisticated, so have the solutions developed to defend against them — so take heart.
For organizations seeking to avoid making the news for another cyber attack … or to simply protect themselves from costly ransom fees, fines and downtime, the solution is easy — contact a managed network services provider to see how they can help you.
Talk to us. We can help.
As an office technology provider, we are also a managed network services provider able to help your organization implement the defensive measures listed above and more. Need help? Have questions? Let us know.
About R.K. Black, Inc.
R.K. Black, Inc. is an Oklahoma City-based, family-owned leading provider of office technology solutions to businesses in Oklahoma and Kansas. We specialize in everything business technology from copier, fax, printer and scanner technology to document management, onsite paper shredding services, VoIP phone systems and managed IT support to video surveillance solutions.