What is Ransomware?

While recent events of hacked email servers are troubling and cause for serious concern, a bigger threat still to any group’s internal security is ransomware. Ransomware attacks began several years ago when personal computers used to visit adult content websites inadvertently downloaded malicious code onto their hard drives. Screens were locked and released only after a ransom was paid using an online encrypted payment system. But now that the model is proven, police departments and hospitals, often lacking the latest versions of operating software and browsers, are being hacked, with ransoms in some cases reaching hundreds of thousands of dollars per institution. And with patient records, financial information, and even lives at stake, many groups have had no choice but to pay.

And web giant Cisco says it’s just going to get worse. With outdated software, no basic protection for some systems, and slow detection, most businesses are at risk. Cisco has released its Midyear Cybersecurity Report (MCR), which examines the latest threats and features a spotlight on ransomware. One of the biggest vulnerabilities is the amount of time between infection and detection. According to the report, some groups say that on average companies detect the hack 200 days after download, allowing the perpetrators plenty of time to set themselves up to hold companies hostage. Cisco has also identified JBoss servers as particularly vulnerable, with as many as 10 percent having been compromised.

So what else can be done? What is referred to as good (digital) housekeeping, with multiple levels of security and monitoring. Cisco says many companies fail to patch or update critical applications on a timely basis. Think CRMs, HIPAA-compliant databases, etc. Cisco says that the more critical an application is to the business operation, the less likely it is to be updated, making such applications among the most vulnerable points of access.

In addition to regular updates, companies should regularly back up critical data and begin to measure the TTD, Time To Detection. At this point, especially for large businesses, it’s not a question of if you’ll be attacked, it’s a question of when.





