True story -- Last month, I heard about a small company (less than 50 people) on the East Coast that received a phone call from an anonymous person claiming to have all of the company’s data. It seemed like a hoax but as the caller continued to talk, he gave the company an exact address on the “Dark Web” where the data could be viewed.
The bad guys had the data. However, all of the systems the company used were working just fine so they wondered about the motivation for this plot. What did they want?
Turns out, the bad guys wanted the company to pay them to get their data back or they would sell it to the highest bidder on the dark web. Extortion – the selling of secrets and confidential data. That's what this company was experiencing. They were shocked that their small business was singled out as a target.
It's a terrible situation and it's becoming more common.
Too Small to Target?
Despite all the noise that IT professionals have been making about desktop and network security, business leaders continue to live with a false sense of security thinking that they’re too insignificant to be a target for cyber criminals.
I can even admit that in years past, I've thought, "Do the bad guys really care about my little business? Do I have anything they really want?" I know that we do, and my company has always exercised the utmost caution regarding cyber security.
Even with recent security incidents like the Colonial Pipeline, the Azusa Police Department, the University of Massachusetts, and a presidential order to do better at cyber security, many small business owners and managers are continuing to adopt a wait-and-see approach -- Waiting for an attack to happen, or for their customers to demand better cyber hygiene, the latter of which is happening for Department of Defense suppliers right now. (Learn about Cybersecurity Maturity Model Certification here.)
How Far Do You Really Need to Go With Cyber Security?
The truth is, the bad guys spend ALL of their time trying to figure out how they can exploit vulnerabilities in systems so they can turn them into money-making opportunities.
Cyber security basics used to be pretty simple -- patch your workstations, have a firewall, and get rid of old out-of-date equipment.
Today, the baseline for security has changed.
It's Time to Protect Against the Unknown
It's not enough these days to only protect yourself against known threats -- you need to defend against unknown threats. That means that your security mix now needs to include Endpoint Detection and Response (EDR) software, current patches, endpoint protection software, managed firewalls, password management tools, and the retirement of all unsupported software.
There are many more things that could be done, but if you step up your security level to meet the new baseline, when the bad guys come jiggling the knob to see if they can open the door, they’ll move on to look for an easier target.
In the coming months, we’ll be rolling out our new baseline security tools to all of our clients that don’t already have the enhanced software suite. The cyber crime landscape has changed and what organizations need to do to meet growing risks has changed too.
No one can 100% guarantee that you won’t have a cyber event, but with these tools and good cyber security process, we will do our best to keep our clients safe.