Earlier this month, the U.S. Department of Justice filed charges against a N. Korean hacker who they say was behind such infamous incidents as the WannaCry ransomware attack, the attack on SONY over its release of a film unfavorable to N. Korean leader Kim Jung Un, and the $81 million Bangladesh Bank heist.
The DOJ’s action is a reminder that businesses are vulnerable and must take proactive steps to assure cyber security – especially regulated companies. These steps include network penetration testing, ongoing identification and patching of software and network vulnerabilities and other measures.
In case you’re unaware or have forgotten, in WannaCry, the hacker exploited vulnerabilities in older versions of Microsoft Office to block the files of scores of businesses around the globe. What changed this from simple malware to ransomware – aka extortion – is that a billboard popped up on affected computer screens instructing companies to call a number or click an email address to pay a sum to release the hostage files.
The sums weren’t large – in the thousands of dollars – making victims more likely to pay up to get their businesses running again. Most of the problems were in Europe and Asia where people frequently use bootleg copies of software that haven’t had security updates and patches. But that doesn’t mean U.S.-based firms or divisions are somehow not at risk.
The SONY hack is a frightening example of a Nation-State actor coming after a corporate enterprise for purposes of political protest. How does that relate to smaller companies? What if you’re managing money and your strategy includes shorting Chinese stocks, for example? The Chinese have advanced cyber hacking capabilities. Connect the dots.
The bank heist? Well, if you’re handling, holding and transferring client assets, those funds can be at risk and your firm can be held accountable for preventable losses.
In a technology-based world, there’s no end to clever hacker schemes, regardless of industry. Here’s one for the books. Last year a four-star hotel in an Austrian ski resort town was hacked on a Friday at the height of the season. The attack paralyzed their ability to issue new key cards. Local police couldn’t help, and management determined the best course was to pay the $1,600 ransom to regain access to the electronic key system and all the other computers in the hotel. A couple of hotels in the U.K. subsequently reported similar attacks.
Bottom line, if one bad actor is identified and shut down, a dozen others will emerge. If you’ve been putting off assessing the risks in your network, hardware and software, don’t delay another day. Engage a reputable IT resource with cyber security expertise.
And here are a couple of easy ways we’ve developed to get started. You can access our free Cyber Security Self-Assessment Checklist. Or, if you’re not already our customer you can take advantage of our offer for a free Cyber Security Vulnerability Assessment. Make sure your firm is not easy prey for hackers.