Above: Dell Technologies’ Pushpendra Kumar Gupta. Photos by Mark Lyndersay.
BitDepth#1221 for October 31, 2019
At the American Chamber of TT’s Health, Safety, Security and Environment event at the Hyatt Regency last week, there were some traditional security concerns aired but this year’s conference drilled down into cybersecurity and dark web threats to a quite alarming degree.
Forget warnings. These were horror stories of computer systems exposed through IT department carelessness, angry employee retaliation and determined hacking at budget prices.
According to Lloyd Mclelland, District Sales Manager of A10, on the dark web you can buy a week’s worth of DDoS attacks for just US$150, so it isn’t surprising that these denial-of-service attacks, which cripple Internet-connected servers by flooding them with fake requests, have risen by 380 percent since 2018.
Also on the rise? Ransomware attacks, which encrypt corporate and government systems. Attacks on US cities do not discriminate based on size and even small cities are being hit with fees in the hundreds of thousands of dollars to release encrypted data.
In a ransomware attack, hackers break into a network of computer systems and encrypt the data, making it inaccessible to legitimate users.
In August, the New York Times reported that 22 Texas towns were attacked in what is believed to be a single co-ordinated event by a single actor, reducing them to paper and pens to do government business.
Most range in size between 30,000 and 100,000 residents and were described as targets of opportunity, with security and intrusion detection levels far below those implemented by corporations.
Baltimore faced a US$76,000 ransomware demand in May and refused to pay. The city has since spent more than $5.3 million on updated computers and contractors to recover from the attack.
Lost revenue during the computer shutdown was put at more than $18 million.
These cities and towns have had to grapple with the reality that paying the ransom is usually cheaper than the cost of restoring the data and the time lost to unresponsive systems, but they are also forced to consider the ramifications of paying ransom demands with taxpayer money and being seen as soft targets.
Pushpendra Kumar Gupta, Global Presales Lead for Data Protection, Dell Technologies, told a small audience at the AMCHAM cybersecurity discussion that downtime numbers are up by 28 per cent because of ransomware attacks and that 95 per cent of corporate breaches start at the endpoint.
Hackers are also becoming more savvy in their attacks and now encrypt as many backup copies of working data as they can find on compromised networks, deepening the damage and increasing the likelihood of a payout.
David Antonio Green, Vice-president Sales and Marketing, Hitachi, advocated for greater cyber-resilience in network construction, emphasising the need to prepare businesses for the eventuality of cyberattacks and to ensure business continuity.
“In modern IT management,” Green said, “attack surfaces are everywhere and traditional perimeter security has become obsolete.”
With more than US$1 billion paid in ransomware demands in 2016 alone and years of work lost in data that remains inaccessible, the cost of not securing networks has sharply risen in the last five years.
Green, Gupta and Mclelland all had technical suggestions for IT experts in the Hyatt ballroom, generally pitched at a level that decision makers might understand, but it’s unclear whether the right ears were in place to hear those messages.
It’s considered normal practice for modern companies and governments to create a Cyber Incident Response Team, or CIRT.
The government’s TT Cyber Security Incident Response Team’s website (ttcsirt.gov.tt) has been loading an out-of-date security certificate for more than a month and current browsers warn users against continuing to the website.
That aligns with private information reaching me that the Government CIRT is dangerously understaffed. The tardy response to security breaches at eleven government websites in July, including the site of the Ministry of National Security, by what appears to have been a simple script injection, remains a low point in local cybersecurity defense measures.
Install software patches on active, internet-facing servers as soon as they are released.
Identify critical datasets for more aggressive security measures. Typically such mission critical data is just ten per cent of the data being managed by a company or government.
Routinely test backups in a digital sandbox to verify the integrity of the data in the backup.
How long does restoration from backup take? Can you get mission-critical data restored from backup fast enough to minimise the impact on business continuity?
Implement digital monitoring systems both internally as well as externally. Be aware of what’s happening inside your networks.
Are the right people being given access to the right data in your networks? It’s not uncommon for data to be exposed to more people than is absolutely necessary, increasing risk.
Educate your staff on evolving phishing and intrusion schemes so that they recognise them and understand the risk.
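One way to run the backup test recommended above, given that attackers now encrypt backup copies as well: compare a sandbox restore against a hash manifest recorded at backup time and flag changed files whose byte entropy looks like ciphertext. This is an added example, not code from the column or from any vendor named in it; the file names, sample data and the 7.5 bits-per-byte threshold are constructed assumptions.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root):
    """Record one SHA-256 per file at backup time; keep it off the backup host."""
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def verify_restore(manifest, restored, threshold=7.5):
    """Compare a sandbox restore with the manifest and flag likely-encrypted files."""
    report = {"missing": [], "modified": [], "high_entropy": []}
    for rel, expected in manifest.items():
        target = restored / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif digest(target) != expected:
            report["modified"].append(rel)
            # Only changed files are scored, so intact compressed files are not flagged.
            if entropy(target.read_bytes()) >= threshold:
                report["high_entropy"].append(rel)
    return report

def demo():
    """Constructed data: a clean source, then a restore with one file scrambled, one gone."""
    files = {"ledger.csv": b"id,amount\n1,100\n2,250\n" * 50,
             "hr/staff.txt": b"name: constructed\n" * 80, "notes.txt": b"notes\n" * 40}
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restore")
        for root in (src, dst):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(body)
        manifest = build_manifest(src)
        # Stand-in for ciphertext: 4 KiB of hash output, statistically close to random.
        noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        (dst / "ledger.csv").write_bytes(noise)
        (dst / "notes.txt").unlink()
        return verify_restore(manifest, dst)
```

Calling `demo()` returns the report for the constructed restore; in practice the manifest would be built when the backup is taken and the check run after each test restore.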
“Don’t say I’ve never seen it, so it’s not going to happen.” – Lloyd Mclelland.