There are no more secrets about the bears lurking in cyberspace. They will not be deterred by your defenses; those are only challenges. You do not have to be an attractive target. If you are vulnerable, but otherwise uninteresting, you might still serve as a gateway to a more lucrative victim.
Some of the bears want your berries and honey. It is what they live on: your data, your research, your money. They are like the bears that frequent campsites and garbage dumps; they want you to stay in business to keep them supplied. Others want to kill you. They will encrypt your data and hold it for ransom. If you do not pay, it is effectively gone forever. Some just want to destroy your data for political reasons, economic vandalism or perhaps just because they can. The Organization of American States recently released the results of a poll of utility companies serving its member countries. The report documents widespread attacks directed at data destruction and equipment manipulation through compromised control systems.
It is no exaggeration to declare that the very existence of any targeted enterprise is at risk. Your imperative is to be prepared to fight for your life.
You need defenses that will keep out some of the bears, and you must have a plan for those who penetrate your perimeter. If all else fails and they are threatening to take your life (that is, to erase your files, seize control of your systems, or render your network unusable), how are you going to fight back?
There are options. Defenses can be layered to create a series of hurdles for the intruder to overcome. If user access to critical data and systems is tightly controlled, this can minimize the damage from a compromised account or an intruder-created account. System logs can track what users do and send alerts when something unusual occurs. You can even consider a reverse attack on an intruder, though you have to be certain you know where they are from and must avoid running afoul of the law.
And back up, back up and back up some more. One of the best responses to a ransomware-type attack is simply to isolate the infected files and replace them with your backup copies. This, too, requires planning. The more critical the file, the more often it should be backed up.
Kenneth Citarella is senior managing director for the Investigations and Cyber Forensics practice at Guidepost Solutions LLC. He has more than 30 years of experience investigating and prosecuting white collar crime and computer crime. Kenneth can be reached at firstname.lastname@example.org.