According to Statista, U.S. companies sustained more than 1,000 data breach incidents in 2020, which exposed the data of more than 150 million people. The year 2021 has already seen its share of this alarming trend—and at a destructive and disturbing new level. This May, for instance, an unprecedented ransomware attack against Colonial Pipeline, the nation’s largest fuel pipeline (originating in Houston and serving the southeast), shut down the pipeline and triggered oil, gasoline and jet fuel shortages throughout the East Coast. Just weeks later, Kaseya—ironically, an IT solutions developer for managed service providers (MSPs) and enterprise clients—became the victim of a hefty ransomware attack over the July 4 holiday that compromised between 800 and 1,500 of its small-to-medium-sized MSP clients.
With the number and magnitude of cyberattacks forecasted to continue rising in the United States and worldwide, it’s more incumbent on companies than ever before to take reasonable steps to protect themselves against such attacks, many of which have been attributed to “human error” such as weak internal cybersecurity that increases a company’s vulnerability.
IMARK Electrical Now sat down with two industry cybersecurity experts to discuss the current state of cybersecurity attacks and key steps that distributors and other companies can take to help protect themselves against this troubling and potentially costly and damaging threat.
IMARK Electrical Now: What are the most popular/common types of cybersecurity threats being waged by bad actors today and why?
Ken Armstrong, Intertek-EWA Canada (Ottawa, Canada): Right now, ransomware is the biggest security threat to almost every organization. These attacks are ongoing, increasing and extremely successful. The cyber criminals behind the ransomware attacks are collecting millions to billions of dollars this year in extortion.
IMARK Electrical Now: Has the fact that so many people were/are working from home over the past 18 months increased a company’s risk of being breached?
Armstrong: Yes—this has added a whole new aspect to protecting corporate resources. The home network is full of personal and IoT devices that aren’t normally managed to the rigor of corporate environments. If these devices are used to access the corporate environment or resources, they introduce potential avenues of attack. Even if personal devices aren’t used to access corporate environments, they share the same network that the corporate devices use to connect, and these personal devices still can introduce attack vectors to the corporate device and eventually to the corporate environment.
IMARK Electrical Now: What other conditions have caused cyberattacks to increase in frequency and severity over the years?
Kevin Davis, IMARK Electrical (Bowie, Maryland): Years back, we used hard drives to exchange data between people and access was more limited. But the internet has made it so easy to access information and for bad actors to connect to everything, including a company’s back-end systems. With the ease of accessing information via the world’s internet connectivity came a loss of some control and the risk of the wrong people getting their hands on the information. The recent attack against Kaseya—makers of a piece of software that allows companies to manage their computers remotely and apply operating system updates and patches, assess disk space, etc. without needing physical access to a computer—was especially troubling because it raises questions about the credibility of the tools we use to manage computers remotely, which are critical to supporting employees in today’s increasingly distributed environments.
IMARK Electrical Now: Are certain types of companies more at risk than others? Why or why not? And in the end, are all companies at some risk?
Armstrong: All organizations (and individuals) are at risk. Some sectors are more targeted than others, but no organization is immune to being attacked. Different sectors will receive different types of attacks. For example, health care and financial sectors are increasingly under attack from attempts to steal personal data that can be used to conduct identity theft. High-tech, research and manufacturing sectors are facing attacks to steal intellectual property that can be monetized. All organizations are at risk of phishing and ransomware attacks. Different criminal groups have different motivations, tools and techniques that they employ, but in the end almost all of them are out to monetize their efforts in some manner.
IMARK Electrical Now: How does IMARK manage its computer systems?
Davis: We use a third party to manage our organization’s approximately 60 computers. The third party uses Kaseya software to manage our computers, but they were made aware of the recent breach in advance and shut down their Kaseya servers, so thankfully we weren’t impacted; other companies who were running this software on their own got hit with ransomware and their data got encrypted. Companies need to make sure that they have a good wall up to defend against attacks, although it’s hard for anyone to know what’s coming next. It can be like a chain link fence with holes in it if you’re not carefully monitoring your systems and taking measures to stay one step ahead.
IMARK Electrical Now: Please share some top tips to help electrical distributors and manufacturers protect themselves against cybersecurity threats and reduce their risk of being breached, or of backup system capabilities they can develop that allow for continuing operations.
Armstrong: Some high-level recommendations include using multi-factor authentication whenever possible, patching systems and keeping operating systems and applications up to date and ensuring solid user awareness training for cybersecurity.
Davis: At IMARK, there are three parts to our cybersecurity measures. First is training—helping people to understand and identify potential issues (such as strange, unexpected emails or the act of phishing, which occurs when an attacker sends a fraudulent message designed to trick a recipient into revealing sensitive information) and to avoid certain practices, such as including any kind of personal information in an email. It’s important to find a cybersecurity training service, have every employee trained and then send out constant reminders.
The second part of our approach is that if anyone requests an employee or member to make a change to their information in an email, we call to verify that request—and not the number in the email but a number in our database, because an employee’s or member’s email can be hacked by a bad actor posing as them and requesting personal information.
Thirdly, we hired a third-party cybersecurity company which monitors all of our network traffic and computer activities for cyberattack movement. While not necessarily an inexpensive service (though it’s less costly than hiring a dedicated person in-house), they have a network operation center staffed with hundreds of cybersecurity experts and a database of more than 1,000 different types of attacks to networks which can signal that an attack might be happening or imminent. They run their database of cyberthreats against our logs every minute of every day and if anything comes up, they’ll call us and we’ll jointly determine what to do. Recently, for example, we were informed that the email account of one of our employees got hacked; we were able to shut down the fraudulent emails being sent out from the employee’s account and followed up by instituting multi-factor authentication. In another instance, we were informed that people overseas were trying to hack into employee mailboxes, at which point we turned off access to mail from other countries. We were able to tighten up these things thanks to the monitoring service we had in place.
IMARK Electrical Now: What other measures can you recommend to help IMARK members protect themselves against cybersecurity threats?
Davis: Turn on multi-factor authentication anywhere you can and make it a changing token or a text/email with a number that’s required for someone to get in—anything that adds a layer of protection and one more step to get in the way of bad actors having free access.
DMARC/DKIM (Domain-based Message Authentication, Reporting & Conformance/DomainKeys Identified Mail) email authentication, policy and reporting protocol is a signature code which signs that an email you sent indeed came from your server; the receiving system then takes that signature and passes the code back to the domain server that sent it to verify its validity. You have to make a conscious decision to turn on this option within the domain record at your company, but doing this will identify spam, send it to the “junk” file and minimize many of the bogus emails received.
Finally, we pay attention to all of the cybersecurity headlines and developments in the news, such as the Colonial Pipeline situation, so that we know what happened; we then ask our third-party team how they or another company got hacked into and how we’d fare in that situation so that we can determine if we have adequate protections against such an attack.
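An added illustration of the domain-record setting discussed in the DMARC/DKIM answer above (not part of the interview): how a receiving mail system turns a domain's published DMARC policy plus its SPF/DKIM results into a delivery decision. The domains, records and function names are constructed for this example, alignment is simplified to comparing the last two labels of each domain, and the `pct` tag is ignored.

```python
# Added example. Domains and records below are constructed, not real data.

def parse_dmarc(txt):
    """Parse a DMARC TXT record ("v=DMARC1; p=...") into a dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return tags

def org_domain(domain):
    # Simplification (assumption): the organizational domain is the last two
    # labels. Real receivers derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def disposition(record, from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Return 'deliver', 'quarantine' or 'reject' for one message.

    spf_pass_domain  : envelope domain that passed SPF, or None if SPF failed
    dkim_pass_domain : d= domain of a DKIM signature that verified, or None
    """
    tags = parse_dmarc(record)
    for authenticated in (spf_pass_domain, dkim_pass_domain):
        # DMARC passes when at least one mechanism passes AND its domain
        # aligns with the domain shown in the From: header.
        if authenticated and org_domain(authenticated) == org_domain(from_domain):
            return "deliver"
    # DMARC failed: the domain owner's published policy decides the outcome.
    policy = tags["p"].lower()
    return "deliver" if policy == "none" else policy

# Weak setting: reports are collected, but failing mail is still delivered.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
# Corrected setting: mail that fails DMARC goes to the junk folder.
ENFORCED = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # A message claiming From: example.com, signed only by an unrelated domain.
    for name, rec in (("p=none", MONITOR_ONLY), ("p=quarantine", ENFORCED)):
        print(name, "->", disposition(rec, "example.com",
                                      dkim_pass_domain="bulk-sender.test"))
    # Legitimate mail signed by a subdomain of the From: domain.
    print("legit ->", disposition(ENFORCED, "example.com",
                                  dkim_pass_domain="mail.example.com"))
```

Publishing a DMARC record with `p=none` is useful for gathering reports first, but only `quarantine` or `reject` changes what happens to mail that fails the check.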
The Best Defense
According to recent communications from The Kiplinger Washington Editors Inc., ransomware has gotten more sophisticated than ever and hackers have become notorious for targeting mission-critical entities that have an urgent need to return to business as usual, such as hospitals, pipelines, water treatment plants, schools and more. But according to the National Institute of Standards and Technology, all businesses are at some risk and should follow certain basic cyber best practices. Among them:
- Always use antivirus software.
- Keep all computers fully patched with security updates.
- Use security software and services that block any known ransomware websites.
- Configure computer systems so that only authorized apps can run on your computers, preventing ransomware from working.
- Limit or prohibit personal devices on your organization’s networks.
- Tell employees to avoid using personal apps/websites or opening unknown files on work computers.
- Don’t wait to put a plan in place for recovering from a ransomware attack, including a means of informing customers, suppliers and the media. Keep a contact list of specialty cybersecurity recovery firms, law enforcement and company lawyers. Regularly test your company’s plan and ensure that data backups are working. And don’t forget to have an updated list of the key personnel who will take charge.