Companies skimp on cybersecurity defense at their own peril
The recent proliferation of attacks concerns experts, but steps can be taken.
Check out what our own Eric Brown, one of our managing partners, had to say recently to Lynn Hulsey of the Dayton Daily News on the topic of data breaches, ransomware, and companies that skimp on cybersecurity.
“They’re not just going after the big boys anymore,” said Eric Brown, a managing partner at D9 Technologies in Englewood. “And the ransoms that they are hitting them with are not small.”
Data breaches do not always come with a ransom demand. Often hackers working for criminal groups or as agents of foreign governments are after data they can use or sell: Social Security numbers, credit card numbers, logins and passwords, or confidential business information.
In 2020 there were 1,108 data breaches or exposures of unsecured information, impacting nearly 301 million people, according to the Identity Theft Resource Center’s annual breach report. That’s a 41% increase in incidents from 2015, according to the center.
“Ransomware and phishing attacks directed at organizations are now the preferred method of data theft by cyberthieves,” according to the resource center’s report. “Ransomware and phishing require less effort, are largely automated, and generate payouts that are much higher than taking over the accounts of individuals.”
Phishing uses a fraudulent email or website in which the fraudster pretends to be a legitimate business or person. An increasing number of thefts of company data come from criminals armed with personal information, like stolen logins and passwords, according to the center’s Q1 2021 Data Breach Analysis report.
“The exposure of user names and passwords is particularly harmful because of the gateway it opens up,” Velasquez said. “Why go to the trouble of infiltrating a system and going past all of their security protocols when, through things like phishing emails, I can just get your user name and password and log right in and walk right in the front door? The thieves, they are a crafty lot, but they also like easy.”
Companies can protect themselves
A cybersecurity expert who responded to the Colonial Pipeline Co. ransomware attack told Bloomberg, in a June 4 article, that the hacker used an employee’s compromised username and password to get in through an account that did not require multi-factor authentication.
An email that looks legitimate may contain a document or link that downloads malware if the user clicks on it. Fake websites or social media accounts may also contain dangerous links. In 2020 the FBI’s internet crime center received 19,369 complaints of business email compromise, scams that involved transfers of funds, with a loss of $1.8 billion.
Brown said D9 Technologies helped a company that had used a wire transfer to pay a six-figure fake invoice to someone posing as a supplier, using an elaborate combination of a spoofed website and personal phone calls. Companies that skimp on cybersecurity defense are putting their business’s assets at major risk.
Is your company taking the right steps for IT security? Contact us to perform a health audit to ensure your systems are safe.