The surge of cyber attacks in 2021 was a wake-up call for consumers, who felt firsthand the effects that can result from a breach. Lines at gas stations and the disruption of trucking, deliveries and related business activities that followed the breach of the Colonial Pipeline operators really drove home the fact that we’ve moved into a new era of cybercrime.
Criminal enterprises are targeting critical infrastructure in extortion schemes, thanks to cryptocurrency and prepaid cards that enable payoffs. The cyberthieves consider infrastructure low-hanging fruit, and defenders are playing catch-up because the definition of infrastructure is evolving fast. As more activities are digitized, IT infrastructure will become increasingly critical for business continuity much as traditional infrastructure components like the power grid are today.
We need to look at cyberattacks in a new way, focus on infrastructure threats, and get ahead of the curve. All it takes to open a back door to hackers is a click on one out of 100,000 phishing emails sent, which puts companies at a disadvantage. Businesses, and small and mid-sized businesses (SMBs) in particular, need to focus on the fundamentals, especially when it comes to network infrastructure.
Organizations, especially SMBs, are outgunned and under-resourced. Many have security gaps because they can’t hire enough people for their security needs. Some estimates say more than 600,000 cyber security jobs open every year in the U.S., but there are 68 qualified prospects for each 100 open spots. Larger companies able to offer higher salaries and perks have the advantage in this job market. This leaves SMBs vulnerable; they may have automation and technology tools—even boosted with artificial intelligence and machine learning—but the talent shortage means they lack the human resources to make them work effectively.
Some very common-sense practices of basic cybersecurity hygiene can help reduce attack surfaces. Most of the vulnerabilities that open back doors to hacking are enabled by weak or compromised passwords, or by not updating and installing patches on software. Addressing both those basic risk factors can be effective against most common attacks, and installing multi-factor authentication (MFA) places barriers in front of anyone trying to breach the system. MFA is very effective in denying hackers the low-hanging fruit, especially now that biometric identification such as a fingerprint or retina scan is within reach of most businesses. Just try opening your phone without those markers.
Sometimes, outsourcing security can be a good solution, especially for SMBs that lack resources. A consultant can run tests to find and patch vulnerabilities and train employees to spot and prevent common attacks.
Small businesses need to recognize they are now the focus of ransomware and other cyberattacks, because they’re the easiest to exploit. All kinds of small organizations, such as state and local governments, hospitals and educational institutions, have become prime targets because they operate disparate networks with limited cybersecurity know-how. I’ve mentioned before how universities and healthcare organizations are facing a surge of ransomware attacks.
Ransomware has become a pandemic of its own, thanks to the sheer fact that it works well. Threat actors are very creative; every time they face a technology meant to stop a specific type of threat, they find a way around it. That’s why organizations really need to focus on finding defenses that will not only stop a threat today, but are also future-proof against the next iteration hackers can devise.
Some encouraging developments show promise in this fight. Just as cybercriminals have found ways to collaborate in the Dark Web and trade tools and intelligence for their exploits, the good guys are starting to break their silence and share information. Protecting critical infrastructure will require a public-private sector partnership that goes after cybercriminal groups with a law enforcement approach, using forensic activities to find and prosecute the hackers. As the Colonial Pipeline incident showed, law enforcement is picking up momentum against ransomware attacks.
Another silver lining of this pandemic of ransomware has been increased sharing among security professionals. Where companies were tight-lipped about breaches before, sharing threat intelligence is being encouraged more openly, via information sharing and analysis centers (ISACs) that give businesses of all sizes access to threat intelligence and best-practice advice.
Businesses and individuals have enough trouble with all the other aspects of cybersecurity, but software patching and good password hygiene are a good place to start, regardless of an organization’s size or whether it’s private or public. For SMBs, the best advice is to find a partner that can help evaluate the risks to the organization, prioritize them, and attack them with vigor. If they defend those things first, then they can fill in the gaps in other areas with more confidence that their infrastructure is being defended.
Turn to your partners the same way the threat actors are doing it, and let’s help each other. Because at the end of the day, we all will be stronger for it.
Gordon Lawson is CEO of NetAbstraction, a company that specializes in network privacy, non-attribution and obfuscation for enterprises worldwide. Previously, he served as president at RangeForce Inc. Gordon has nearly two decades of experience in the security sector with a focus on SaaS optimization and global enterprise business development from global companies including Reversing Labs, Cofense (formerly PhishMe) and Pictometry. As a naval officer, Gordon conducted operational deployments to the Arabian Gulf and Horn of Africa, as well as assignments with the Defense Intelligence Agency, US Marine Corps, and Special Operations Command. He is a graduate of the US Naval Academy and holds an MBA from George Washington University.