Webinar: Remote work, Ukraine war contribute to cyberattacks

Brice Wallace 

Cyberattacks have been the subject of a lot of chatter for years, but problems since the beginning of the COVID-19 pandemic have ballooned.

Speakers at a recent cybersecurity webinar said more employees working from home and using their own devices, plus the Russian war in Ukraine, are among factors leading to growing problems for companies and individuals.{mprestriction ids="1,3"}

“It spans everybody, from the tiniest companies up to the biggest ones,” Chris Sykes, IT manager at Strong Connexions, said at the webinar, presented by the Salt Lake Chamber, The Buckner Co., Nexus IT Consultants and Strong Connexions. “They all seem to have similar concerns, and it’s a good opportunity to look at it and reassess.”

“We are seeing a significant uptick in activity, even of businesses right here in Utah or here in the U.S. getting caught in the crosshairs of geopolitical conflict, and we’re seeing hacks at levels that we haven’t seen in 24 years of business, we’re seeing ransomware attacks, we’re seeing all sorts of phishing and spamming attempts and just a significant escalation in activity,” said Earl Foote, founder and CEO at Nexus IT.

Christian Deputy, chief sales officer at The Buckner Co., described the environment as “an exciting time in the cyber landscape — maybe not in a good way, but it’s an exciting time.”

Speakers said the trickier times have shifted the insurance landscape. A few years ago, underwriters provides lots of insurance under easy terms after cursory looks at applications. Now they pore over the answers on complicated questionnaires, wanting to be sure that companies have prevention and management safeguards in place, and typically charge more for tougher-to-get policies.

“You don’t have to look very far or read very far to understand that the losses that insurance companies have experienced over the last few years have grown significantly,” Deputy said. “And what’s driving most of this is ransomware attacks. There are a number of different attacks, but it appears that the bad actors have found a way to make meaningful money by putting together a ransomware attack on your system.”

Shutting down data systems for money has become fruitful for attackers and sometimes disastrous for victimized companies. Deputy cited stats showing that in 2021, the average downtime for victimized companies was 21 days, and it was typically 287 days before the companies were back to full pre-attack capacity. In 2020, the average payout to a successful attacker was $312,493.

“That’s what we’re seeing, is that change in the landscape is causing organizations to look at this just a different way than they ever have, and probably for a good reason because the data is showing it’s becoming more impactful,” he said.

Foote said one cybercrime ring leader nabbed before the pandemic was making $1.5 million a day from ransomware attacks. “People often ask, ‘Why does this happen?’ Really, it comes down to, yes, there are malicious people who want to do malicious things, but more than anything, it’s a business opportunity for them,” Foote said. “There’s a lot of money.”

Brandon Robertson, vice president of the healthcare practice at The Buckner Co., said insurance carriers want to know details about applicant companies’ “risk culture” and cyber risk management. In order to get coverage, companies often need to have in place multifactor authentication, endpoint detection and response, backup strategy response, email filtering tools, data encryption and remote desktop protocol.

“If you don’t have those six things, there’s a good chance you won’t get cyber insurance and won’t even have that option to transfer some of that risk from your company to the insurance carriers,” he said.

‌ Foote said many of those elements are neither difficult to implement nor outrageously expensive, although Robertson said that, to some companies, “it seems daunting.”

“I find that a lot of them are pleasantly surprised that the things they need to implement are not that hard or not that expensive, and they’re not necessarily disruptive, either,” Sykes added.

However, doing nothing is not a proper response, speakers said.

“One thing I think organizations ought to be thinking about: If you haven’t been attacked, you probably will be,” Deputy said. “Someone will probably figure out how to get partially through the door.”

If one company’s safeguards and systems are robust enough, the attacker likely will just “move on to the next guy,” he said.

“You’ll hear guys like us who will talk about ‘it’s not if, but when,’” Foote said. “And that isn’t a scare tactic. It’s an education tactic of helping business leaders and organizations understand that everybody is a target and in reality in today’s world, nobody is impervious, including governments, and the likelihood that at some point you will fall into the crosshairs is extremely high.”

Having good “cyber hygiene” can even be a competitive advantage for some companies, allowing them to tell partner companies, clients, customers and others “why we can be more trusted with your data than our counterparts,” Foote said.

Businesses should bolster their cybersecurity, with the first step being conducting a vulnerability/risk assessment and following up with an action plan to remediate any gaps, as well as creating incident response plans and business continuity plans — and, speakers said, constantly updating each of them.

“It’s an alive, changing, always-evolving process,” Deputy said.

“The way that this whole landscape is evolving,” Foote said, “it forces business leaders to begin to really think much deeper about data governance — where you touch your data, how you touch your data, who has access, why they have access, how they get access — and forces you to rethink this whole thing and create process and procedure around it.”{/mprestriction}