Page 7 - Cyber Defense eMagazine - March 2018
P. 7
these can be just as damaging to your reputation as having your official account
overtaken.
3. Real-time services: Any business that offers real-time services (such as
banking institutions, healthcare providers, etc.) should be especially alert for
extortion attacks. Attackers know that interrupting key components of what
makes your business function will put more pressure on you to resolve the issue
quickly. And sometimes, resolving the issue quickly might mean paying the
attacker what he’s asking for in order to avoid a longer downtime.
What can you do? Make sure you have adequate backups of your data and a
recovery plan in place. Establish guidelines for how long your business can
afford to be down and how long it will take you to restore data afterwards. Set up
processes for determining where attacks may be coming from (especially if your
organization employs hundreds to thousands of people), and make sure your
employees know how to report any suspicious activity.
4. Cryptocurrency: With any digital asset that can equate to cold hard cash comes
the threat of extortion or theft, and cryptocurrency is not immune. If you choose
to buy bitcoins, be aware that attacks have already begun, and they will only
become stronger and more frequent.
What can you do? Stay on top of the latest industry news and laws, and use
backup and encryption methods to your advantage. Don’t save the passwords to
your digital wallet on any personal devices or online password banks. And, when
you’re not using it, make sure you store your digital currency offline.
While new technologies and digital services can pose a significant threat to your brand
and critical processes, ensuring you have the proper planning and detection methods
set up can save you a lot of headaches – and money – as extortion methods expand.
About the Author
Derrick Rice is principal consultant at Asylas, a security, privacy
and risk-consulting firm located in Nashville, TN.
With over 15 years in IT, Derrick’s experience ranges from
systems administration to technical leadership roles.
He is committed to helping people understand and eliminate the
inherent threats to their businesses.
He focuses primarily on private-sector privacy (CIPP/ US) and
HIPAA regulation. Learn more at https://www.asylas.com/.
7 Cyber Defense eMagazine – March 2018 Edition
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.