
What We Can Learn From One Of The Largest Cyberattacks In History.

It started with a single computer—one of tens of thousands from over 130 countries that were connected to the Maersk Network. It ended with the Danish shipping giant losing an estimated $300 million in a matter of days.

In the summer of 2017, in an office in Odessa, Ukraine, a port city on the Black Sea, a Maersk executive asked a member of his IT team to install the accounting software M.E.Doc (Ukraine’s version of TurboTax) on his office computer. Within seconds, NotPetya, one of the most costly and crippling cyberattacks in history, began its reign of terror over Maersk—instantly turning computer screens black and completely shutting down the company’s network.

As the chaos quickly escalated, Maersk operations were halted throughout the world. Ships went dead in the water and tons of precious cargo (much of which was perishable) was stuck in shipping containers with nowhere to go.

But Maersk was only one of a number of companies and individuals who were devastated by the Russian-developed malware that was initially created to be used as a cyber weapon against Ukraine. Pharmaceutical giant Merck is believed to have lost over $800 million, FedEx $400 million, and parts of Ukraine went weeks without power, food, or a working infrastructure—all as a result of NotPetya.

So what went so terribly wrong, and could companies have prevented the NotPetya attack? To find an answer we must look at how NotPetya operated and how it was able to infiltrate computers in the first place.

It all began when Russian hackers hijacked the servers of a Ukrainian software firm that was in charge of providing updates for the M.E.Doc program. Going unnoticed, the hackers gained access to the update servers and thus a backdoor into all computers that had M.E.Doc installed. Once the malware was released, it was able to pull passwords and hack into other machines and applications using those same credentials, as well as spread throughout any company computer connected on a multi-network server. Once NotPetya infiltrated an operating system there was nothing the user could do. NotPetya was designed for one purpose only—to destroy everything in its path.

But what could Maersk and others have done to prevent the attack, and what can we do to protect ourselves from becoming victims of cybercrimes?

1. Multi-Factor Authentication: By now you should be familiar with and using multi-factor authentication on all your connected devices. If you are not, multi-factor authentication simply means that you must present multiple credentials (in addition to just a single password) in order to gain access to a machine, account, transaction, application, etc.

By requiring all users to provide multi-factor authentication you help safeguard your business against the leading cause of data security breaches: stolen credentials. In the case of Maersk, if employees were using multi-factor authentication, NotPetya would likely not have been able to simply use passwords stored in each computer’s RAM to spread to other applications and computers.

Multi-factor authentication may seem like a time-consuming step, but trust us, a few seconds of added security could be the difference between being protected and becoming a victim. Just ask the executives at Maersk.

2. Timely updates, patches & upgrades: It is believed that many Maersk computers were still operating obsolete system software at the time of the cyberattack. A common misconception is that with how rapidly technology is changing you don’t need the “latest and greatest” software. As far as network security goes, this is a huge mistake.

As we wrote about in our piece “End of the Road for Windows 7 and Windows Server 2008 and 2008 R2,” once a software manufacturer ends support it doesn’t just mean you don’t have anyone to call if you run into a problem. You are also no longer provided with regular security updates or patches, leaving your IT vulnerable and unprotected.

Because Maersk was using an outdated operating system on some of their machines, those machines were never updated with the necessary security patches that could have protected them from NotPetya.

It is imperative that you stay up-to-date with all of your software and program updates, not just with your operating system patches. Once a critical piece of your network loses support, whether it be Windows or any other application vital to your business, you must upgrade. There is no other choice.

3. Employee Best Practices: It’s extremely important to provide your staff with user-awareness training to mitigate the risk of a member of your team accidentally providing hackers with a backdoor into your system. Know your risks and review your security practices at least once a year to remind employees of what they need to be doing. Schedule periodic reviews of accounts and permissions, and don’t allow access if it is not needed.

In addition, one of the key data breach vulnerabilities we come across is when companies allow users admin rights. Do not allow admin access where it is not absolutely necessary. With Maersk, all it took was a single employee in the finance department at one of Maersk’s hundreds of offices asking to download the M.E.Doc software. You must have the proper restrictions in place to prevent your employees from downloading software to their work computers that is not essential to your business and has not been reviewed by a credible IT firm or IT administrator.
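One way to run the periodic admin-rights review described above on a Windows machine, as an added example that is not part of the original article. The approved list and the CORP domain names are constructed placeholders; replace them with the accounts your own policy permits.

```powershell
# Added example: list members of the local Administrators group that are not on an approved list.
# Run in an elevated PowerShell session on the machine being reviewed.

function Get-UnapprovedLocalAdmin {
    param(
        [Parameter(Mandatory)] [object[]] $Members,       # objects with Name, ObjectClass, PrincipalSource
        [Parameter(Mandatory)] [string[]] $ApprovedNames  # accounts and groups allowed to hold admin rights
    )
    foreach ($m in $Members) {
        # -notcontains compares case-insensitively, which matches how Windows treats account names
        if ($ApprovedNames -notcontains $m.Name) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $m.Name
                Type     = $m.ObjectClass       # User or Group
                Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
            }
        }
    }
}

# Constructed allowlist (assumption): the built-in local Administrator plus two domain groups.
$approved = @(
    "$env:COMPUTERNAME\Administrator",
    'CORP\Domain Admins',
    'CORP\IT-Workstation-Admins'
)

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the query also works on systems where the group name is localized.
$members  = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
$findings = @(Get-UnapprovedLocalAdmin -Members $members -ApprovedNames $approved)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    "No unapproved members in the local Administrators group on $env:COMPUTERNAME."
}
```

Every row it prints is an account to either justify and add to the approved list or remove from the group.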


4. Trusted IT Provider: There has been an increasing and alarming trend in which cyber criminals are shifting their focus away from individual companies and going after their IT providers. The reason? IT service firms hold the keys to the castle. In other words, they have access to your company’s and your clients’ most sensitive data. This is a dangerous combination if your IT firm or in-house IT team doesn’t have the ability or knowledge to provide your business with the level of service and security you require.

Less than two months ago, Wipro, one of the largest information technology providers in the world, was hacked. After being hacked, Wipro’s systems were then used to target at least a dozen of their clients!

You need to have a conversation with your IT Service Provider or IT manager to make sure they are not your weakest link when it comes to cyber security. Ask them questions like: Are you truly maintaining critical security updates for my IT systems? Are my backups configured properly to keep downtime to a minimum? Do you have the resources to keep up with the growing IT demands of my business?

Keep in mind, the IT industry is highly unregulated. You must do your homework before hiring an outside IT firm or in-house IT manager.

5. Don’t think it can’t happen to you: The story of Maersk and NotPetya should serve as a reminder that all it takes is one corrupt file or program to allow hackers access to your network and to possibly bring down your entire company, no matter how large or small your business is. Don’t think for one moment that you are not a target because of the industry you work in or the size of your payroll.

Furthermore, one of the scariest things about NotPetya is the intent behind the attack, and the growing trend of cyber-warfare and cyber-terrorism, where the goal isn’t to collect a ransom or steal data or blueprints on product design, but to simply destroy. It doesn’t matter who you are or what you do. We are all targets. We all must fight to stay ahead of hackers and keep from becoming victims.

In business since 2004, PCR Business Systems is the leading IT Service Provider in Northeast Ohio, and one of the few (if not the only one) to be SOC 2 certified. That means we have been audited to ensure that we provide the highest level of service and security for our clients.


Business Continuity For Small Businesses

What is your plan if your business gets hit by a natural disaster? Now what about if your network gets shut down because of a data breach? The recovery process can be very stressful, expensive, and may leave your operation out of commission for extended lengths of time. On top of that, you’ll need to worry about supporting your employees and serving your customers. These hiccups pose a lot of uncertainty, which can be a nightmare for young business owners and entrepreneurs to deal with. These are just some small factors that show why it’s important to establish a business continuity plan.

Whether you are dealing with a natural disaster or a cyber attack, a business continuity strategy will help pull you out of the dark. Business continuity management (BCM) is a practice that expands on the efforts of your disaster recovery strategies. While your business is dealing with a crisis, data backup support will be streamlined so you can focus on getting your operation up to speed again. This is a great way to preserve the lifeblood of your organization so you can get back to doing what’s most important: serving your customers.

If you are still on the fence about establishing a BCM plan, then there are several factors that might put things into clear perspective. These are some of the key reasons why it’s best for businesses to define business continuity strategies in the early stages:

Millions Of Threats Are Always On The Horizon

Unfortunately, your network is always at risk. There are millions of cyber dangers swirling around the World Wide Web. Disaster can strike at any moment, from nearly any angle. Just one piece of malware can be enough to wipe away your entire network. When it comes to business continuity, you can never be too cautious. Even if you have the strongest layers of firewall protection and a stable disaster recovery plan in place, business continuity is a surefire way to keep the business process of your operation running smoothly.

Any Downtime Can Be Extremely Costly

If your network takes a hit, then you may need to take some time to evaluate what to do next. Unfortunately, any downtime will keep you from running a productive operation. This can prevent you from serving customers, which will ultimately keep you from generating revenue. What’s even worse is that you’ll probably have to make expensive purchases on repairs and maintenance. This can rack up the costs and lead to failed business opportunities.

Data Backup and Disaster Recovery Is Not Enough

Risk management is about much more than just restoring your data. It’s about keeping things intact when a disaster ensues. If you are a business owner, there are many factors that you’ll need to gain control over. While your sensitive information like business data is certainly crucial, it is not the only worry that you should have. Fortunately, business continuity stimulates the effects of your cloud devices, helping you secure lost information faster. This will help you get your business back to peak form much more quickly.

You Will Deliver a More Positive Business Impact

Business continuity does more than just restore your data. The right technology will keep you clear of cyber dangers and make sure all your critical IT functions are online. This gives you a leg up as it clears a pathway for you to focus your attention on customer services and other crucial business decisions. Finally, the right business continuity program comes with complimentary risk assessment software, so you are able to detect, prepare for, and fend off any hazards much more efficiently.

Rely On PCR Business Systems

Our professional, experienced team will help you develop a business continuity strategy that promotes the growth and sustainability of your business. We will work alongside your team to determine your current needs and ensure all team members are educated on the necessary precautions and policies. To find out more about how a partnership with PCR Business Systems can benefit your business, contact us today!