
Data Security
BRIAN WALLACE | November 24, 2021
Since the beginning of COVID-19, the frequency of ransomware attacks has risen 400%. Criminals are taking advantage of the increased vulnerabilities caused by remote work. The more software and networked devices a business has to protect, the greater the chance their security systems will falter. The growth of ransomware as a service has allowed cybercrime to grow beyond a group of talented hackers. “Gangs” provide easy-to-use malware to criminals in exchange for a 20 or 30% cut of the ransom. With payouts from businesses in the millions and low chances of being brought to justice, cybercrime has grown more lucrative than ever.
Just like the coronavirus, ransomware is a global disease. The infection progresses in 3 stages. First, crypto ransomware encrypts files and denies access to users. Then, malicious actors demand ransom payments in exchange for the decryption keys. When a business caves and pays ransom in the third step, they are forced to use anonymous cryptocurrencies such as Bitcoin. Common strains of ransomware include WannaCry, which has affected 125,000 companies in 150 countries, and Ryuk, which was responsible for ? of all ransomware attacks in 2020.
Just like businesses were not prepared to handle COVID-19 outbreaks, most are not prepared for a ransomware outbreak at their workplace. The majority of companies have an IT security budget of less than $10,000, nearly 10 times less than what the average cybersecurity engineer makes in a year. This means businesses are either not willing or not able to pay the salary of a human tech expert who can keep their company safe from ransomware. The problem is especially apparent in small and medium businesses. 6 in 10 SMBs lack a policy on what to do if they are targeted with a cyber attack, let alone the funds to retain cybersecurity expertise in house. While cybersecurity is a growing field, it is not growing fast enough to keep up with the need for such skills.
Can cybersecurity technology close the gap? Not entirely. Human attackers launch more sophisticated attacks every year. Artificial intelligence programs are developed using last year’s attack patterns. Responding to evolving threats requires human expertise. AI solutions are not yet adaptable enough to serve in the long term.
Even in current conditions, AI solutions alone are not foolproof. Instead, they are prone to explosions of false positives and excessive alerts that annoy the business employing them. If employees learn to ignore their cybersecurity software, they run the risk of missing a real threat. Even so, the average person received 63.5 notifications every day. There isn’t enough time in a day for them to work through all the alerts on top of their regular jobs. Cybersecurity is supposed to let humans know what to trust. If it fails to do that, then it is not worth the investment.
Human experts need to work alongside technology to mount an effective cyber defense. Trained analysts have an advantage when it comes to detecting and responding to ransomware. They have the know-how most humans lack when it comes to weeding out false positives from alerts. Furthermore, they can see the context, relevance, and attack motivations that a software program would be blind to. Adding human cybersecurity experts to the team brings the best of both worlds together. Criminals are bringing their best to the table. If businesses are intent on stopping them, they must make similar investments in their infrastructure.
When cybersecurity matters are taken care of, employees can do what they were hired to do. Businesses can function as desired. Everyone benefits from peace of mind.
Enterprise Security
BRIAN WALLACE | November 16, 2021
Ransomware attacks are becoming more frequent and far more detrimental to business operation, software infrastructures, privacy safety, and information security. In 2020, the frequency of ransomware attacks grew by 7x or more. This upward trajectory is projected to continue with a minimum of 3 out of 4 IT organizations being confronted with at least 1 ransomware attack by 2025. The true cost of ransomware attacks is up to a whopping $20 billion - the total global ransomware damage costs predicted for 2021.
Ransomware attacks often halt business operations, costing businesses up to 23x more than the ransom itself. The costliness of ransomware attacks varies slightly by enterprise size. In 2019, small to medium enterprises (SMEs) represented 98% of claims. In 2019 alone, ransomware claims ranged between $2,500 and $10.1M, with an average claim of $424,000. Often disregarded when tallying ransomware attack damages, business interruption loss also takes a hefty financial toll on businesses. That same year, for SMEs, the average cost to businesses due to interruption was $1.2 million per incident, with the highest cost being $6.5 million.
The heaviest post-attack costs are data loss, insurance premium increases, and heightened risk of reinfection. 82% of ransomware attack victims report significant data loss, and on average, 61% of ransomware attack victims have lost data to corruption. Insurance premium increases are also financially draining. In the first quarter of 2021, premiums increased 29% in January, 32% in February, and 39% in March. For high-risk organizations, premium increases of up to 50-60% may become the norm. On average, deductibles were raised to $1 million, encouraging more insurance clients to opt for cyber coverage, which has increased from 26% in 2016 to 47% in 2020. Reinfection rates pose financial threats as well. Reinfection occurs 80% of the time with 46% of victims suspecting that it was the same attackers. These damages that ransomware attacks leave behind are worth bracing against.
In 2021, the ransomware group Avaddon made headlines after announcing that they were shutting down. Officially, the group had 88 known victims, but decryption keys were released for 2934 victims. While the full extent of Avaddon’s schemes has yet to be uncovered, it has been safely concluded that if all the victims paid the average reported amount, the group made about $1.8 billion. Unfortunately, just 3% of victims reported Avaddon’s attacks.
Many organizations still think of ransomware as one-off attacks, like the infamous WannaCry attack in 2016. Today, ransomware is far more complex, and many attacks are multifaceted. Ransomware attacks may be deployed along with network penetration (compromising your organization’s network with stolen credentials and/or malware), credential harvesting (collecting login credentials for critical systems, such as Domain Name System (DNS)), attacking backups (data storage can provide a roadmap to what information is most sensitive), and/or double extortion (threat of publicizing data theft after a ransomware attack — often in response to companies saying they won’t pay). With the pandemic’s reorientation toward remote work and learning, cyber businesses and cyber education are backbones of today’s society, which makes securing them crucial. Failing to do so can breed a slew of downstream issues, including job losses and business losses, among many others.
There’s never been a better time to protect your business from ransomware. The best ways to do so are to stay up-to-date, increase employee awareness, back up data, and adopt malware detection. Staying up-to-date involves keeping track of patches and software updates, which are key to protecting yourself against ransomware. Increasing employee awareness entails empowering employees to assess whether an attachment, link, or email is trustworthy. It’s critical to keep data backed up on external devices to aid recovery should there be an attack. Last but not least, adopting malware detection, early detection of suspicious activity, is your first line of defense.
Data Security
BRIAN WALLACE | November 02, 2021
Let’s face it - most of our digital lives are on our phones, putting ourselves at a great deal of risk when it comes to cybersecurity. You would think that this would lead us to better phone safety habits, but this is not always the case. Many people, in a rush to get the latest new smartphone, might put themselves at risk, leaving themselves open to cybersecurity threats through information left on their old phone.
Don’t worry, there is hope - welcome to the phone repair economy. Let’s break it down by the numbers: in 2021, Americans are expected to spend $4 billion on phone repairs. That number seems like a lot until you consider that $59 billion will be spent on new phones. Despite the wide disparity, phone repairs are steadily increasing in popularity. A growing number of Americans are willing to get their phone fixed after it suffers small aesthetic damage.
Moreover, Americans are slowing down in the purchase of new smartphones. In 2016, Americans upgraded their phones after 23 months of holding. In 2019, they waited 33 months to upgrade. High prices are delaying new purchases while changes in carrier contracts have made 2-year upgrade cycles a thing of the past. Because Americans are keeping their phones longer, they’re more likely to see their phone break in its lifetime.
Phone damage is common. In the US, 2 smartphone screens are cracked every second. 72% of people have broken a smartphone before, and those who have previously broken a phone are twice as likely to do it again. But instead of rushing to replace a broken device, consider fixing it instead.
Consumers typically spend less on repairs than they would on a replacement. They can keep all their files, settings, and habits without having to adjust to a new device. Important to the planet, extending a phone’s lifespan can reduce emissions and e-waste while saving energy and resources. Sustainability relies on consumers holding their products for longer amounts of time than they do currently.
Another way to extend a phone’s lifespan is to protect it from needing repairs in the first place. Use a shock-absorbent phone case to protect the phone from drop damage. Slap on a screen protector to avoid the most common type of phone damage from impacting your device. Phone repairs have the chance to benefit all users. Stay safe from cybersecurity threats and keep your old smartphone running in optimal condition.