3 minute read
wilkens
Over the past two-plus years of the global pandemic, these nefarious efforts have increased due to more people working remotely, the cybercriminals taking the opportunity to deceive and attack.
At the start of the pandemic, many companies were unprepared for remote work and sent their employees home without proper cyber protection in place, Wilkens said. Unfortunately, for some compa- nies the learning lesson was heavy-handed, some falling victim to attack ploys.
“The pandemic, it was kind of interesting,” Wilkens said. “We saw an overall uptick in phishing attacks by people using the pandemic and people’s fear. Cybercriminals love to pull off the fear.”
The attack could have been something as simple as an email that alleged a company’s new COVID policy. An employee would click on it, and immediately the system was infiltrated, its information breached.
Thus the fortress scenario: protect the castle before any entry by the enemy.
Scott Kaylor, manager of cybersecurity and network services at NISC in Bismarck, North Dakota, said the entirety of the pandemic has been interesting to watch with regard to cyber attacks and defenses. He said there are “attack vectors” or “pivot points” in the simplest of things, such as the aforementioned, non-suspicious-looking email.
That’s why vigilance is a must when it comes to combating cybercrimes.
“Our job is to provide as many layers of defense as we can to catch them before they do anything,” Kaylor said.
“With everybody working from home, we’ve definitely seen an uptick in cybersecurity. We’ve had ransomware attacks happening quite regularly. Unfortunately, a few members fall victim to those types of attacks. They’re pretty detrimental for a business because it encrypts all of their data, and basically cripples them to the point where they almost have to pay to get their data back.”
What’s more, he said these ransomware culprits often operate like a business.
“It’s not a good business, but there are people who invest dollars in these organizations to encrypt people’s data and then, once they get paid, everybody (working in their scheme) gets paid,” Kaylor said. “I think that’s primarily why we are seeing more of that happening in today’s society.
... It’s crazy.” continued on page 20 continued from page 19
When it comes to cybercriminals targeting businesses, does size matter?
Kaylor says no.
“It doesn’t matter if you’re a small business or a large business,” he said, noting both mom-and-pop shops and large corporations can become compromised. Going after the big money, however, usually lends itself to targeting larger companies.
Don’t forget the personal computer
It is not only a company’s computers that cybercriminals target.
“I think there are a lot of vulnerabilities out there, and very widespread vulnerabilities,” Kaylor said. “I think in today’s society, it’s easy to compromise and exploit these vulnerabilities. … Our job is to put up as much offense as we can to keep the threat actors out of our networks.”
That applies to home systems, too.
Scott Kaylor
He said “people are at home where defenses are maybe a little lower. They’re not in their offices behind the corporate company firewalls and things like that.”
Likewise, Wilkens said it is important for home computers to have layers of defenses, including anti-malware programs. “And install security patches whenever they are released,” he said, noting both Apple and Windows do frequent and important updates.
“Make sure you’re installing those updates,” Wilkens said, explaining there are several worthy anti-virus and anti-malware programs on the market to help protect personal computers.
But he warns: “If you get an email – and this will go back to phishing – asking you to click on a link to verify your information, never click on the link unless you specifically ask for it.”
If you ask for a password change and a link is sent to you, that’s different, he said, because you requested it; but don’t click on a link that invites you to change a password.
“For instance, if you get an email with a link that says your account has been compromised, click here to reset it. Don’t click that link. Go to the site on your web browser and verify your information yourself.”
With passwords, he suggests using a long phrase instead of just letters and numbers, something meaningful that only the user would remember.
More layers of defense
Kaylor said there are all types of things businesses should be doing to protect their systems, including making sure employees receive regular training so they know what to look for if something suspicious enters their inbox.
“We’re all human,” he said. “There’s a certain percentage of us who are going to click on things that we probably shouldn’t, because we’re in a hurry, and so education and training during the year is very important.”
Multi-factor authentication also is another layer of protection, for businesses and individuals. “And,” Kaylor said, “I think it’s really important for organizations to partner with a third party that has a good security operation center that can monitor things happening on your networks. You can be alerted much quicker when the threat actors try to compromise your systems and start doing their recon on your networks.
“Having someone watching that 24/7 is really important to stay on top of those types of things.”
Wilkens said the many layers of defense basically protect one’s castle of information. Don’t take that lightly, because criminals are always trying to find new ways to breach it.
“Attacks come from everywhere, all the time,” he said.
