Las Vegas businesses beware — no matter the size you’re vulnerable to cyberattacks that can cost a company its data and customer information and even trigger ransom demands.
That was the message from Deepakeswaran Kolingivadi, the group product manager of advanced threat at Bitdefender, a global cybersecurity technology company with its U.S. headquarters in Santa Clara, California.
Kolingivadi and other experts descended on Southern Nevada to attend cybersecurity conferences known as Black Hat at Mandalay Bay and Def Con at Caesars Palace.
“We’re seeing that the cybersecurity landscape is evolving at a serious pace,” Kolingivadi said. “The attackers are getting more creative, and they’re very motivated. They have a bunch of tools, techniques and time to go after the weakest link in a program. Nobody is immune to attacks. Be it small, medium, large or very large businesses, all of them are getting attacked. It used to be only the largest needed to be worried about cybersecurity.”
During the Las Vegas conferences, held July 22-27, another Silicon Valley cybersecurity firm, Malwarebytes, released a report surveying more than 1,000 companies with no more than 1,000 employees across the world and found that more than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.
“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO of Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.”
In the early days, a cyberattack may have been the work of a “kid on the block” who turned into a hacker, Kolingivadi said. That’s no longer the case, with people and groups from all over the world now involved, some of whom may do it for a small profit of $300 and others who seek thousands of dollars in return for releasing data back to companies.
Some seek company secrets; others want credit card and other customer information that, if released, would tarnish the reputation of the company, Kolingivadi said. Medical records are also targeted, he said.
Some hackers have political motives like the hacking of adult dating site Ashley Madison, Kolingivadi said. Others, like the Russians, hacked the Democratic National Committee to create havoc with the U.S. election, he said.
“It doesn’t matter whether you have $1 million in revenue or $1 billion in revenue,” Kolingivadi said. “If they know they’re getting something of value, they will attack.”
Those vulnerable in Las Vegas include the hospitality and gaming industry, schools, hospitals, retailers, financial institutions and governments, Kolingivadi said. Anyone who has digitized their business operation is prone to attack, he added.
“They will go after data you can’t afford to lose and extricate money from you,” Kolingivadi said. “Some people have lost their business or gone bankrupt.”
There’s no guarantee companies get back their data if they pay the ransom, Kolingivadi said. Companies shouldn’t pay because it encourages hackers to continue these attacks, he said.
“Many of those companies who don’t back up their data lose the data,” Kolingivadi said. “You can’t trust these attackers. They’re not honest people who keep their word. Their intent is sinister in nature.”
Companies can protect themselves by having strong passwords on laptops and other computers to make them more difficult to hack. Data should be backed up on a regular basis. Software should be checked for flaws and bugs, and software protections should be installed, he said. Systems that run slowly or crash should be suspected of having been hacked, he said.
“In the wake of the recent attacks we have seen, the single biggest mistake businesses did was they did not keep their systems patched up to date with the latest software from Microsoft,” Kolingivadi said.
To stop the “enemy at the gate,” Kolingivadi said, cybersecurity software can deal with problems before patches are updated. Those costs can run more than $40 a computer for a year, much cheaper than the cost of a breach, he said.
“More than a half-billion accounts of Yahoo were breached,” Kolingivadi said. “How do you put a number around it? It really took the company down. It was a killer for that company.”
The Malwarebytes study said that for one in six companies impacted, a ransomware infection caused 25 or more hours of downtime, with some reporting that systems were down more than 100 hours. Some 22 percent said they had to cease business operations immediately, and 15 percent lost revenue.
The most common source of ransomware infections in the U.S. was email use. Some 37 percent came from malicious email attachments and 27 percent were from a malicious link in an email.
More than 70 percent of businesses surveyed said the ransomware demand should never be paid. The others said it should only be paid if the encrypted data is of value. Of those who didn’t pay the cybercriminals’ ransom demands, one-third lost files as a result, the study said.