Cybersecurity
Ransomware is the practice of using malicious software to gain access to a company’s information. Rogers said these types of attacks occur every 14 seconds and the average ransom is $4.5 million. The average downtime companies experience is 22 days. He also said that there are no guarantees companies will get their data back upon paying the ransom.
He said hackers will use social engineering to manipulate people, eavesdropping, postal service mail, and even tailgating a car to discern information that could lead them to such sensitive information as passwords.
Phishing emails and text messages are also utilized where a hacker poses as a company to secure sensitive information to gain access to accounts.
Rogers said there are an average of 3.4 billion phishing emails sent daily and can come from hackers posing as trusted sources.
To guard against such attacks, Rogers said companies should ask themselves if the email is coming from a person they know and does it have a recognizable domain name. He said ways to check for such scams are to look at the fonts and grammar usage in emails. He said to never click any links in such suspicious emails.
Rogers also discussed how text messages use the same practices and 2.3 million such fraudulent messages are sent daily.
The encryption process of data, Rogers said, begins in as little as three seconds and uses an impossible key, a chain of letters, numbers, and symbols, to prevent the company from regaining access to the information. He said it usually
leads to a 100% loss of information.
Rogers said that ransom payments averaged $5.3 million per year and increased by 37% over last year.
He said best practices for companies to protect themselves is to access exposure, such as blocking suspicious emails, blocking malicious websites, and checking computer software vulnerabilities.
Among the risks are data loss, which is designed to destroy a company’s back-up data, and 14% of companies are able to recover data without paying the ransom. However, 19% of companies who paid the ransom were unable to recover lost data.
Reputational harm can also occur to employees and companies and could have lasting effects such as gaining new employees and clients. In addition, there is also legal liability.
He said the best way
for companies to combat such attacks is to build a response team that meets regularly and discusses best practices, including drills for such attacks.
Rogers said using firewalls, such as routers, and onsite and offsite computer back-ups, and switches and servers and a set of policies for handling such incidents are excellent starting points. Also, in the midst of an attack turning off internet access is a great way to halt and attack.
Among the best practices for companies to use, Rogers said, it to implement continued training for employees to recognize spam email and text attacks, along with holding webinars, and using cybersecurity programs such as KnowBe4 and Webroot antivirus programs.
The PREP program is Pennsylvania’s network of business assistance partners and is
designed to help companies start, grow, and prosper. To learn more about NC PREP, visit
www.ncentral.com/ncprep or contact Mikala Biondi at 814-773-3162, ext. 3046.