What do these names have in common: Sandworm Team, Lizard Squad, Comment Crew, AnonGhost, LulzSec? If, like me, you’re the parent of a teenager, you may think these are either the latest hot bands or some sort of new messaging app. But the reality is far scarier. These are international cybersecurity organizations, many operating from overseas countries, that can affect your business in a dangerous way.
Mark Weatherford, vArmour and The Chertoff Group spoke about cybersecurity at the recent NAHAD Conference and Annual Meeting in Colorado Springs, and the possibilities are chilling.
“The barriers to cyber security are so low, anyone in this room could learn to be a hacker in 30 minutes,” Weatherford told the audience of manufacturers and distributors. “There is this perception that these are very crude individuals, but they are running their organizations like you are running your businesses.”
It’s easy to think that we’re safe in our little bubbles of manufacturing, but all types of businesses, large and small, are being hit. These groups are active in manufacturing, communications, defense, energy, healthcare, transportation, and even water.
The risks of getting caught in many countries is almost insignificant, Weatherford said. And more than 50% of attacks are the form of some type of insider activity. That doesn’t mean you have a spy in your company, but naïve or ignorant users only need to click on an email attachment one time to put your company at risk.
Ransomware is a particularly scary thing. It happened to one of my relative’s businesses last year, and the results could have been devastating—had they not had their data backed up offsite.
In this scam, the bad guys obtain access to the company’s business network through a corrupted email attachment. When that attachment is opened, nothing happens, the user shrugs and deletes the email. But now that the hackers have an open door, they systematically–maybe for months–gain access to all the company’s data, files, systems.
Then one day, a popup appears on the company computers. It says you have 72 hours to pay several bitcoins to them (generally a few thousand dollars) or they will erase all your company’s data. Stop and think about that. Could you operate tomorrow without any of your data? Your customers, who owes you money, the specifications for your products?
What’s worse, the IoT is connecting devices everywhere—from sensors to hydraulic cylinders to electric motors. This means more coming risks. As much as I see companies singing the praises of the IoT, there is almost no information on security. There seems to be no consistency of security across mobile and cloud environments. And that’s a problem that we need to address.
Security, unfortunately, isn’t merely a concern for our IT departments anymore. And I don’t see any company or organization stepping up to the plate to take the lead and show how to move forward. What is your company or industry doing in this arena? I’m interested in hearing your thoughts.
Paul J. Heney – Editorial Director
On Twitter @ DW_Editor