Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.
Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…
#1 Twitter
What was the root cause of Twitter’s massive hack of high profile accounts? Did they zipline in Mission Impossible-style and steal a floppy disc? No, it was a failure of internal staff falling for a coordinated social engineering attack. Your people are your most significant security threat. Most small businesses are one click from complete failure because they don’t take necessary security precautions that require a small investment that doesn’t return a visible result immediately.
Lesson: assess your risks with a competent IT Company, and intentionally and incrementally add security measures and tie them to business goals. One goal might be: remain in business if an employee clicks on the wrong link. Let’s put a quality Endpoint Protection platform in with anti-ransomware capabilities. That’s the beginning of the journey, find a competent and evolving IT Company to guide you through it as the landscape changes.
#2 College recruitment database
This one appears to be an incompetent AWS Developer that set up cloud resources in AWS and didn’t understand what they were doing. Improperly and insecurely configured IT resources, such as leaving the default permissions on a solution, will eventually come to light. And in this case, it’s devastating to the organization.
Lesson: understand that using the public cloud opens you up to new attack vectors. AWS can be secure when set up with the right controls, just like anything in the public cloud. You, the client, needs to ask: what risks am I opening myself to by going with this solution? Was this developer the cheapest guy in town or a highly qualified organization with an intentional focus on setting things right and securely? If your organization is as large as the #2 example, you must use a third-party cybersecurity consulting firm to check their work for vulnerabilities routinely.
It’s unlikely for small businesses ever to engage other IT Companies to check your primary IT Company’s work. Know that this may change in the future, as organizations are dropping like flies and filing insurance claims every day due to cybersecurity attacks. For now, small businesses must add “securing the business from cyber-threats” to the business plan and be intentional on incrementally getting better.
#3 Garmin
Ouch. It’s early, but we’re guessing an employee clicked on the wrong link, and then the attack replicated throughout the infrastructure. It also could have been external-facing vulnerability that attackers exploited to gain access and replicate ransomware throughout the infrastructure. Either way, think about the optics of what happens after a ransomware attack on such a public-facing organization:
Lesson: if you’re a malicious actor, the lesson is crime pays, aim for large companies, and they’ll do the math and cut a check. This is ridiculous.
If you’re a small business, the lesson is: it doesn’t matter how big or small you are, a specific type of company is being targeted, but typically only the big ones hit the news. What type of company? The ones who don’t take security seriously, aka, the majority of small businesses and even many large companies.
Do the following: add “securing the business from cyber-threats” to your next big brain strategy meetings and start budgeting for it. If you started a business in a war zone, you’d allocate money for your defenses. The second you plugged your company into the internet, you entered a war zone. The war is in your parking lot, and MOST small businesses don’t even lock their doors. Work with a competent IT Company and be intentional about security before you’re a casualty of war.