• Click at your own peril
  • August 14, 2017
  • Some of the world's most vicious criminals are lurking in your office. Maybe not in a nearby cubicle, but most certainly in your email inbox. And if you or a co-worker were to click one of those unassuming links or attachments, your entire business could be compromised.

    Already this year, major ransomware events have paralyzed businesses across the globe, and cybersecurity experts say these criminals are getting bolder by the day, so it's more important than ever to be vigilant.

    "Companies need a top-down program," said Craig Marvinney, a litigation attorney with a cybersecurity practice at Cleveland-based Walter | Haverfield. "It needs to protect you in the sense that the board approves of it, the C-suite is on board with it and believes in training programs. If someone's board isn't paying attention or if the C-suite is just giving lip service and not doing anything about it and they get hit, there's some potential liability down the road."

    In May, an attack by the WannaCry cryptoworm targeted computers running the Microsoft Windows operating system, hijacking and holding hostage critical data while demanding ransom for its eventual release. That worldwide attack infected more than 230,000 computers.

    And just last month, another vicious worm dubbed Petya ravaged systems, largely in the Ukraine. Also, in late January, a malware attack even crippled the Licking County government in Central Ohio after hackers demanded $31,000 worth of digital currency, according to The Columbus Dispatch.

    And while these types of attacks aren't necessarily new — the first dates back to 1989 — they're occurring much more frequently for one simple reason: People pay, contrary to what authorities recommend. The FBI argues that paying the ransom only emboldens the criminals, and there's no guarantee that encrypted data would be freed.

    That said, in many cases, these cyber criminals aren't demanding large sums of money — just a few hundred dollars, usually in the digital bitcoin currency — which is why many aren't balking at paying the ransom.

    "The folks that are out sending these phishing emails and other things don't care about size of organization or what industry it's in," said James Giszczak, a Detroit-based attorney and co-chair of the data privacy and cybersecurity practice group at McDonald Hopkins, which is headquartered in Cleveland. "We're seeing businesses big and small get hit by this, and paralyzed if they're not prepared to deal with it."

    According to Symantec, the Mountain View, Calif.-based cybersecurity giant, the United States remains the biggest target for ransomware attackers. The firm reported that 64% of Americans are willing to pay a ransom to unlock their data, compared to 34% globally. Even more striking, in 2016, the average ransom spiked 266%, with criminals demanding an average of $1,077 per victim, which is up from the $294 reported a year prior.

    The missing link

    The safeguards that can be put in place to prevent ransomware from strangling your business are many. Backing up one's data, unsurprisingly, is critical so that it can be properly restored if an attack takes hold. However, even with a strong backup in place, a ransomware attack can slow business for days, weeks or even months. For example, according to The Dispatch, it took Licking County, which did not pay the ransom, weeks to restore its systems.

    Bloomberg reported earlier this month that FedEx Corp.'s TNT unit, which it acquired last year to expand its European footprint, is still processing transactions by hand and that the company's systems may never fully recover from a June cyberattack — a slog expected to ding its earnings. Cybersecurity experts reported that this particular attack was focused less on collecting ransom than on causing havoc, but it underscores the need for companies to remain cautious of cyberthreats. FedEx also was affected by the WannaCry ransomware attack, although the company said it didn't cause a material disruption to its systems or result in material costs, Bloomberg reported.

    The bottom line? Make sure your employees aren't clicking suspicious links or opening unexpected attachments.

    Email, after all, presents the most pressing threats. According to the Symantec report, one in 131 emails contained some sort of malicious software in 2016, the highest rate in five years. In many cases, these emails use vernacular seen every day in the office — fax, scan, invoice, etc. — so it's important for users to only open attachments or click links from those they trust.

    It sounds like a simple charge, but one not many take lightly despite the fact that employees are a company's first line of defense. Because once one person opens an infected file, it's only a matter of time before it spreads throughout an entire network.

    "It's always the people in the room who say they would never fall for that," said Anthony Catalano, a management consultant for the health care and technology industries at SecureState in Bedford Heights. "They're always it."

    But if an attack takes hold and you're presented with an ultimatum from some veiled criminals, the first thing to do — after calling legal and security counsel, and law enforcement — is isolate the infected machines and take them off the network.

    "You can go as far to unplug it," said Bill Mathews, chief technology officer and co-founder of Hurricane Labs, an IT security services firm in Independence. "That's literally about the only real option you have. Keep it from spreading and doing the thing it's trying to do. Once it hits, you're pretty much hosed because there's not a lot you can do about it."

    Ransomware, of course, is only one of many types of cyberattacks. As with all of them, a modern and regularly updated technological infrastructure is another critical defense in the fight against malware. The WannaCry attack, for example, exposed vulnerabilities in the Windows XP operating system — a system that debuted in the early 2000s and that Microsoft stopped supporting a little more than a decade later.

    And while these criminals don't discriminate, some industries have proven more vulnerable than others: health care and manufacturing, both of which are significant players in Northeast Ohio's economy.

    Experts say manufacturing has proven to be a lucrative target in these cyber heists because of its outdated technology and, perhaps more importantly, the stringent timetables on which the business is based — something that makes manufacturers much more likely to pay up.

    As for health care organizations, their repositories are filled with sensitive personal and financial information, making them lucrative targets for criminals. Also, and somewhat surprisingly in an industry known for innovation, their outdated infrastructure makes these sorts of attacks possible.

    Complicating matters further, security patches needed to shore up emerging threats to devices regulated by the U.S. Food and Drug Administration require significant testing to ensure they won't complicate devices' functionality. That opens another door for hackers.

    But at the end of the day, it always comes down to human error, experts say.

    "What ransomware does is it exploits the weakest link, and that's always the people," Catalano said. "We encourage organizations not to treat employees as the weakest link, but as the first line of defense. They need to educate them and set the tone."