It’s Spring 2022, the war in Ukraine is raging and we see it on the news every day. Your favorite news anchor will inform you of the casualties, the loss of equipment, the amazing and heartbreaking human side of the story. The anchor might even mention there is a new type of warfare also taking place: cyberwarfare. It sounds insidious, for sure, but no one knows what it really means, and besides, it’s so far away it can’t affect me here, right?
What if I told you, you have been a participant and victim of this war, and you don’t even know it?
What if I told you this “war” has been going on for years?
You might say I am crazy or that I am exaggerating, but let’s take a look at headline history for the past few years.
News broke that a media company leaked 540 million Facebook records onto an Amazon cloud server, including users’ account names, IDs, and reactions to posts.
That same year, First American Financial Corporation customers had 885 million of their records, including bank transactions and social security numbers, exposed publicly online.
Toll Group tops the list for the year’s worst cyber-attacks because it was hit by ransomware twice in three months. Notably, these were two different attacks by different sources.
For the second time in two years, Marriott International suffered a data breach. On March 31, Marriott released a statement disclosing the information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property. According to the notice, the breach affected an application used by Marriott to provide guest services.
And the biggest of 2020: SolarWinds. The scope of the attack, the sophistication of the threat actors, and the high-profile victims affected make this not only the biggest attack of 2020, but possibly of the decade. The incident also highlights the dangers of supply chain attacks and brings into question the security posture of such a large company. Threat actors, who had performed reconnaissance since March, planted a backdoor in SolarWinds’ Orion platform, which was activated when customers updated the software.
Of all the cyber and ransomware attacks in 2021, the breach of Colonial Pipeline in late April had the most news coverage. This attack was particularly dangerous because consumers started to panic and ignored safety precautions. Some East Coast residents tried to hoard gasoline in flammable plastic bags and bins, and one car even caught on fire. After the chaos receded, government officials confirmed that Colonial Pipeline’s cybersecurity measures were not up to par and that the attack might have been prevented if stronger protection had been in place.
Also, in May this year the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on the London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to Acer’s files and leaked images of sensitive financial documents and spreadsheets.
REvil, the same hacker group that targeted Acer, Quanta, and JBS Foods, again made headlines in July with an attack on Kaseya. While not a name commonly known by consumers, Kaseya manages IT infrastructure for major companies worldwide. Like the attacks on Colonial Pipeline and JBS Foods, this hack had the potential to disrupt key areas of the economy on a large scale.
One of the more interesting events was when the European insurance company AXA was attacked by the Avaddon gang. The attack happened soon after the company announced important changes to their insurance policy. Essentially, AXA stated they would stop reimbursing many of their clients for ransomware payments. This unique (and somewhat ironic) attack on a cyber-insurance firm made headlines and the hacker group gained access to a massive 3 TB of data. (BlackFog)
What do all of these attacks have in common?
Every one of these attacks, and the tens of thousands more during that time frame, shares one major common thread: poor cyber hygiene at the basic levels. In fact, many attacks could be prevented with the adoption of PVR (Patching, Vulnerability Scanning, and Remediation).
It was estimated that the global cost of Cyber-attacks in 2021 was $6 trillion annually and will be $10 trillion by 2025. That is more than most countries’ GDP.
I am of the belief that no one walks away from that kind of money.
What if I told you there are trillions of dollars out there, and all you have to do to get them is exploit weaknesses that shouldn’t exist, and only do because people don’t have the time needed to perform these vital tasks on a regular basis? Tempting, isn’t it?
Cyber Hygiene, the first step in IT security:
As with personal hygiene, cyber hygiene involves developing important habits. In the case of cyber hygiene, those habits help computers and other devices that rely on connectivity perform at their best. Cyber hygiene also helps detect problems with computers and allows for quick fixes. Tasks include setting strong passwords and changing them regularly, installing antivirus software, using network firewalls, and training employees on phishing and other exploitations.
Cybersecurity professionals help keep emails, networks, operating systems, printing devices, and other technology safe. Every device connected to an access point is vulnerable. Good cyber hygiene helps protect against those vulnerabilities by accounting for various risks. This practice helps individuals and businesses keep their data safe, preventing malware and other attacks from breaching networks and devices.
An assessment of American cybersecurity practices found that even though 88% of Americans report they take necessary steps to stay safe from cyberattacks, fewer than half perform the bare minimum when it comes to cyber hygiene. The most important cyber hygiene best practices include:
- Installing antivirus and anti-malware software and updating the virus definitions (every 15 to 30 minutes, 24/7)
- Using quality firewalls with DLP, Intrusion Detection, & Active AV and Malware Scanning
- Patching and updating apps, web browsers, and operating systems on all devices regularly (1-to-3-day cycle)
- Vulnerability scanning with a quality scanner like Nessus or Tenable.io (monthly scan with 100% remediation cycle)
- Frequently changing passwords and enforcing Multifactor Authentication (45–90-day cycle)
- Training software for your company to show how to spot phishing emails, compromised web sites and other materials
Mainly, cyber hygiene requires a two-pronged approach. Businesses must address both technical and nontechnical issues. Technical issues center on security controls or countermeasures that reduce risks. They include hardware, software, and other mechanisms that keep devices safe. Nontechnical issues refer to policies and procedures that guide how organizations manage security and may also involve employee training and security awareness. These are all excellent and worthwhile endeavors; however, most of the attacks listed could have been thwarted by a subset of cyber hygiene that we call “PVR” (Patching & Vulnerability Scanning & Remediation).
A proper PVR solution puts you ahead of the game: you are no longer just reacting to events, but taking the most important initial steps to prevent an attack from being able to occur in the first place. No vulnerability = no hack. It’s that simple, and it is the difference between being proactive and being reactive.
Learn more about Pioneer-360’s PVR Program, starting at $35 a seat, by downloading our flyer here.
Author: Yancy Lancaster, VP