How firms plan for cyber attacks, the failings of cybersecurity companies, Artech hit by ransomware and email bomb threats return
Welcome to Cyber Security Today. It’s Monday September 14th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Britain’s National Cyber Security Centre is a good source of online information on how to secure businesses. Last week the advice was updated on how to mitigate malware threats. One new section deals with preparing for a cyber incident. Here’s a brief run-down, which I hope you’ll find useful.
First, know which of all the data you have is critical. It may be customer and employee information, financial information or intellectual property. Think about what the impact would be if that data were crippled by a cyber attack.
Second, plan for an attack, even if you think it’s unlikely. Create a written plan called a playbook covering how staff will react to a number of possible cyber attacks, whether it be data destruction, data theft, ransomware or defacement of your website. Each incident has to be identified and contained, and systems will have to be scrubbed and put back into production. And then staff have to look back and detail the lessons learned.
Think carefully about where this playbook will be stored. If it’s on a computer that gets locked by an attack, it’s useless. This plan must have a regularly updated list of who to contact in an emergency. Practice the plan. You need to find out how long it will take to do things, such as partially or fully restoring computers.
By the way, this plan should be part of your organization’s overall disaster recovery plan.
There’s a link here to a longer story I wrote about this. Or you could do an internet search for “creating an incident response plan.” Lots of security companies offer free advice.
Speaking of cybersecurity companies, they are expected to be places where employees are smarter than the rest of us. Not really. A security company called Immuniweb found these people are just as human as the rest of us. Researchers hunted through data available for sale on criminal web sites from 398 cybersecurity companies and found almost all of them have been victimized in some way since 2012. On average researchers discovered 1,500 stolen passwords and other sensitive data per company. Of the passwords found, 29 per cent could be classified as weak, including re-used identical passwords. To be fair, some of those may have been used eight years ago when organizations weren’t as serious as they are today about enforcing the use of strong passwords. Many of the 631,000 verified incidents over the eight-year span came from hacks of suppliers and contractors of the cybersecurity companies. Immuniweb CEO Ilia Kolochenko called the research alarming and said it shows even cybersecurity companies aren’t immune from attack.
A big IT staffing firm called Artech is sending notices to people this month that their personal data may have been copied by hackers in a ransomware attack last January. According to the Bleeping Computer news service the ransomware gang leaked 337 megabytes of allegedly stolen files from the company’s servers. It isn’t known if the data was of employees or resumes of those looking for IT jobs in the U.S., Canada, China and India. But in its six-month investigation Artech found that personal, health and financial information including Social Security numbers, driver’s licence numbers, government-issued IDs and passport numbers were among the data exposed. Those notified by the company need to watch their bank accounts for suspicious activity. They are also eligible for free credit monitoring.
Finally, thugs have resurrected an old scam: The email bomb threat. Researchers at Kaspersky Lab are seeing email threats sent to organizations in English and in German claiming a bomb has been hidden in their building. Unless the blackmailers get $20,000 in bitcoin it will go off. Last month police in Victoria, British Columbia and Lethbridge, Alberta warned that businesses there have been getting the same messages. Extortionists have been trying this for some time. In 2018 thousands of businesses in Canada, the U.S. and Australia got similar messages. As Kaspersky notes, this kind of threat is an extension of email scams that claim to have sexual photos or videos of victims and demand money or they will be released. Don’t reply to these messages — that just confirms to the attacker the email address is valid. Don’t send money. Instead, call police.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.