Security Roundup: Baltimore Cyberattack, GDPR, Guardicore, Siemplify
There already have been 22 reported cyberattacks on the public sector in 2019.
Baltimore is the latest city to be targeted by anonymous malicious hackers, and its servers’ digital content remains hidden.
Government emails are down, payments to city departments can’t be made online and real estate transactions can’t be processed. The malicious hackers used a ransomware called RobinHood, which makes it impossible to access server data without a digital key, and replicating that key without the hackers is impossible.
The cybercriminals are demanding about $100,000, which the city says it won’t pay, and the FBI and Secret Service are investigating, while the city has contracted with cybersecurity experts help reestablish services.
So why are municipalities increasingly being targeted by cybercriminals?
James Slaby, Acronis‘ director of cyberprotection, tells us there’s clear evidence that cybercriminals, especially the kind whose weapon of choice is ransomware, are training their sights on larger businesses and government institutions. They used to more broadly target smaller businesses and consumers.
Recent examples of municipal ransomware attacks include Washington, Pennsylvania, Stuart, Florida, Imperial County, California, Garfield County, Utah, Albany, New York, Amarillo, Texas, and more.
Acronis’ James Slaby
“That’s before we get to the granddaddy of municipal ransomware attacks, the one that hit (the) City of Atlanta last year, which still ranks among the costliest on a government target, with the city’s cleanup expenses eventually reaching $17 million,” Slaby said.
Bindu Sundaresan, director at AT&T Cybersecurity, said attacks on cities with crimeware as a service is a new component of the underground economy. Cybercrime is pegged at $6 trillion dollars by 2021, according to Cybersecurity Ventures.
“The local city agency is part of the larger supply chain so the impact can be beyond just disruption; cybercriminals can also gain access to information that can be altered, disclosed, [and so on],” she said.
The reasons for this particular cybercrime wave are pretty simple, Slaby said. One, a large city, manufacturer or hospital likely has more money to spend on a ransom to get their data unlocked and their services working again, versus a family or small business, he said.
“Two, these targets have more urgency to pay their attackers, as the availability of their services (in the case of cities and health care providers) may have life-and-death consequences, or they may find downtime extremely expensive (as in the case of an auto factory, where downtime can cost an estimated at $22,000 an hour),” he said. “Third, there may be follow-on consequences even after the attack has been cleaned up: political embarrassment, regulatory fines, lost customers, brand damage, falling stock prices, [and so on].”
The notion that any institution or business can make itself impenetrable to such attacks is fantasy, but some organizations are better at it than others, Slaby said. Proper cyberprotection against ransomware and other malware-based attacks involves …
… a few disciplines:
Keeping operating systems and applications updated with the latest software releases, including patches that close specific known security vulnerabilities.
Being diligent about backing up your systems so that you can restore from a recent backup copy and not lose much data if your primary data stores get locked up or corrupted.
Training your employees to be wary of common infection methods, like phishing emails that look trustworthy but actually contain links or attachments that download malware if clicked on.
There already have been 22 reported cyberattacks on the public sector in 2019, and it’s only a matter of time before cities realize they can’t afford these infections and dedicate the resources needed to improve their security posture, said Terry Ray, senior vice president and fellow at Imperva.
“MSSPs and cybersecurity providers can help by making advanced data security solutions available, accessible and easy to implement for city governments,” he said. “The best way for cities to prevent an attack is to immediately detect ransomware data access behaviors before the ransomware spreads across the network and encrypts critical data stores. Once detected, you can quarantine impacted users, devices and systems. Having a strategy that takes into account what happens when a cyberattack occurs, whether it’s ransomware or another method, is essential to resiliency.”
While rapid detection is critical, a close second is incident response, specifically restoration of data, Ray said. Most ransomware tools target files and databases, but extend the attack to include the encryption of backups as well, he said.
“Backups should be made and tested frequently enough to make restoring from backup an acceptable organizational option as an alternative to paying a ransom,” Slaby said. “Too few organizations make effective backups often and broad enough to effectively restore data to a point that a business can quickly return to normal activity post-attack. And then there are the sad few, who have their data and backups encrypted in the attack. You should have frequent reliable backups stored in a location gapped from the core network, possibly even off-site.”
The threat environment that led to the Baltimore attack presents “enormous opportunities” not just to MSSPs and traditional cybersecurity providers, but classic VARs, too, Slaby said. If you’ve been looking to bridge from selling just perpetual-license, premise-based software into offering cloud-based services, helping customers fend off these kind of attacks is a great way to expand your business, he said.
“I would be looking at offering a combination of behavioral anti-malware services and data protection to defend customers against urgent malware threats like ransomware and cryptojacking, and maybe buttress that with wraparound services like patch management, vulnerability management, traditional antivirus (which is still useful against known threats), and security awareness training,” he said.
GDPR One Year Later
A year after the deadline for General Data Protection Regulation (GDPR) compliance, there are conflicting sentiments from the global workforce about whether the law has been effective, according to a new survey released by Snow Software.
The survey, which polled 3,000 professionals in the United States, Europe and Asia Pacific, found that just 39% of respondents feel their personal data is better protected since GDPR enforcement began. Another 34% said data protection seemed the same, while 20% are unsure and 6% actually believe their personal data is less protected than it was prior to enforcement.
This mixed response around the impact of GDPR likely reflects …
… the complexity of educating the public on data regulations, as well as the difficulty that organizations still face in complying with the law, according to Snow Software.
Some 57% of global workers noticed stricter policies at work regarding the use of technology or customer data as a result of GDPR. Enforcement appears to have had the biggest impact in Europe, where 70% of respondents reported stricter policies, and at medium-size businesses with 100-1,000 employees, where 65% of workers noticed policy changes.
Alastair Pooley, Snow Software’s CIO, tells us people generally don’t seem to like GDPR because it has been perceived as more annoying than beneficial; however, the law is leading to increased transparency around data breaches, which in the long run will improve security, he said.
Snow Software’s Alastair Pooley
“And the need for GDPR is also evident when you consider that the technology industry is seen as not having done enough to protect consumer data at the company level, likely due to publicity around Cambridge Analytica and other high-profile data leaks or breaches,” he said. “Companies should promote data privacy and its merits — and it’s a topic that global consumers should care about as well. There are also opportunities to help companies develop their security controls and education programs, and both are an immediate need for most organizations.”
Meanwhile, an online study conducted on behalf of TrustArc shows 36% of adults ages 16-75 trust companies and organizations with their personal data more since GDPR came into effect one year ago. There are positive sentiments toward enforcement activity, and half of respondents have exercised some of their GDPR privacy rights.
Some 57% of respondents also are more likely to use websites that have a certification mark or seal to demonstrate GDPR compliance.
“Providing more transparent ways to demonstrate GDPR compliance and ensuring they respond to privacy rights requests in a timely manner will go a long way toward further improving consumer trust and increasing website use and online purchasing,” said Chris Babel, TrustArc’s CEO.
Guardicore, Siemplify Receiving Funding Injections
Guardicore this week announced it has raised $60 million in Series C funding, bringing the company’s total funding to $110 million.
Todd Bice, Guardicore’s senior director of channels, tells us his company plans to use proceeds from this funding round specifically to grow its channel organization, improve partner enablement programs, and increase its investment in partner events and other channel marketing initiatives.
Guardicore’s Todd Bice
“We will have a strong focus on technical enablement with the addition of a channel-dedicated technical resource, hands-on test drive training, partner demo environments, and our new certification program,” he said. “We will also leverage our capital raise to fund a highly lucrative Partner Incentive Program, which includes very aggressive SPIFFs that are paid to partner-selling teams. This additional investment, on top of already aggressive margins, was an intentional, strategic decision as we see partners as our fastest path to increased revenue and market share in 2019.”
Guardicore protects data centers of large and midsize enterprises across North America, South America and EMEA in financial, health care and retail industries, including global, blue-chip brands.
In addition, Siemplify has secured $30 million in Series C funding. The company will use these new funds to drive expansion of its global go-to-market strategy, as well as further enhance its security operations platform.
Bradd Barmettler, Siemplify’s global head of channel, tells us his company is in the process of expanding sales incentives for its partners.
“This will build more mindshare by putting more money in our partners’ pockets for achieving key goals,” he said. “Those goals increase the ability to achieve key sales activities that then build a joint pipeline for our partners and Siemplify.”
Siemplify is reaching out to partners to see where it can expand upon the current event schedule and joint marketing efforts, Barmettler said.
“We are planning to expand the channel team,” he said. “With a bigger team, we can focus more time and energy on partner-marketing efforts, training and enablement, which are all key factors to building a channel pipeline and increasing channel sales.”
Read more about:
MSPsAbout the Author
You May Also Like