What Have We Learned from Recent Cyber Attacks?

Cyber attacks are nothing new, unfortunately. At this point, dealing with the threat of ransomware, malware, and data breaches is a commonplace occurrence. Managed services companies and IT professionals have been preaching the need for cybersecurity, firewalls, anti-virus software, and many other safeguards for years – but the attacks keep coming, and they are still proving financially devastating for many organizations. The good news is that industry experts have learned quite a bit from a the security issues, and we continue to innovate and evolve to meet the ever-increasing risk of hackers and cyber criminals.

In 2018, 61% of organizations reported some form of cyber attack. So what have we learned after all of this cyber chaos?

Did You Know? A 2018 Gallup poll found that three times more Americans are afraid of losing their financial and personal data through a cyber attack than of being a victim of a violent crime.

Lessons Learned from Recent Cyber Attacks

• Email is still the problem. In fact, 92% of malicious code and software has come through company email systems. As phishing schemes become more sophisticated, it is sometimes nearly impossible to notice the differences between a legitimate sender, and a scammer. These emails seem to contain links to known organizations; the logos look real, as do the URLs. Companies must find ways to better educate their personnel as to how to spot a fake email, and how to question an email that doesn’t look quite right. However, as most people still race through emails and click links, this medium is causing the most problems in cyber security.
• Many companies simply haven’t applied the solution.  Sometimes the bad guys figure out the vulnerability and exploit it before anyone is aware of what is happening. But in many cases, the software company is aware of the problem and distributes a patch to their users, in order to shore up that vulnerability. The problem is, many companies are not vigilant about applying patches and updates as soon as they receive them. In 2017, the NotPetya virus exploited companies who had not applied a patch which had been available for two months.
• Back ups remain a critical component. As cyber criminals figure out new and innovative ways to steal data and in many cases hold it ransom, every single company should have alternate redundant  backup of their data. Not only will you be able to retain your data and not have to pay someone a ransom to unlock it, but  you will have rapid access and quicker recovery.  Besides, paying a ransom for your data has proven to be as faulty in the cyber world as it is in the physical crime world. There is no guarantee that you will get your data back even if you pay, and paying criminals is incentive for them to attack you again. Best to be able to recover on your own data without having to engage with them.  Added Bonus: Redundant data servers are also extremely valuable in the case of other disaster recovery situations, from power failures to inaccessible data centers.
• Quick response  makes all the difference. Companies who experience a cyber attack and report it in a timely manner have seen  their efforts slow and stop major global attacks much more quickly. While many companies may wish to keep it quiet that they have experienced a breach, reporting the attack allows for tracking and threat response, stopping the spread of the ransomware or malware significantly. The Office for Civil Rights (OCR) has published a helpful cyber response checklist on how to report and respond to a cyber attack.

If this all seems overwhelming to you, help is available. Alliance IT is a Sarasota managed services firm offering  professional expertise in the area of protecting you against cyber threats and attacks. Call us today to set up an appointment to discuss your specific needs and vulnerabilities, and how we can help you to stay safe.