ASHBURN, Va. (BRAIN) – Ransomware attacks that crippled operations of a major oil pipeline in May and the world’s largest meat processor in June brought the nation’s attention to the importance of cybersecurity. Less known at the national level, four bicycle companies were also targeted last year.
While a cybersecurity expert whose company has been training and equipping companies for more than 30 years said the bicycle industry is no more targeted than others, cyber criminals are primarily looking for vulnerabilities.
“The biggest mistake companies make is not seeing themselves as a target and ignoring cybersecurity,” says Dr. Eric Cole, CEO and Founder of Secure Anchor, which also provides consulting services. “A lot of people say we are a small company in the bicycle sector, who would be targeting us? And for that very reason, they would be targeted. Opponents don’t often target large companies that invest heavily in cybersecurity and that ignore it. “
Last year, Raymond Lanctôt LTD and its division NRG Enterprises, JBI, Garmin and KHS Bicycles were shut down due to system attacks. Each of the bicycle companies shut down their systems before accessing customer data. Garmin declined to comment, but Sky News reported that the company paid “millions of dollars” to hackers last year.
Recently, Colonial Pipeline paid $ 4.4 million to restore their data and meat processor JBS paid $ 11 million in bitcoin.
“Cybercriminal groups that launch ransomware attacks have commercialized cybercrime, where the company’s revenue is based on ransom payments,” said Cole, who holds a PhD in information technology and whose latest book Cyber Crisis Protecting Your Business from Real Threats in the Virtual World was released on June 1st. “As a result, any company that needs timely access to information is going to be a target of attack, which makes the bike industry a target. Even if the bigger companies make the news, it is.” often small to medium-sized companies that are more likely to pay the ransom because otherwise they will go out of business. “
Cole said that cyber criminals are launching either a direct attack – against a specific company like Colonial Pipeline – or an indirect attack – by receiving a series of emails and sending malicious code, hoping to get clicks.
Direct attacks “don’t happen that often, but when they do they make the news like Colonial,” he said. “Most likely this would not happen to a bike company because it is not in one of the typical lines of business that it is targeting.
“It is very likely that employees or contractors of bicycle companies will be indirectly attacked. If someone clicked on it, the ransomware would infect the system and the attackers would demand a ransom.”
Cole said awareness is an important first step in minimizing the impact of ransomware attacks, but that alone won’t be enough. Proper training of your employees is more important.
“When selecting training for a company, the most important component is the effectiveness of the training,” said Cole. “Cartoons and quizzes don’t get the job done. It’s all about how the individual gets the message. Does the training bring home the key points that a person will seize?”
Additionally, software that removes or minimizes attachments and embedded email links used by ransomware is a necessary addition to training. And Cole warns that cybersecurity insurance can give companies a false sense of security.
“It’s important to remember that insurance companies go out of business when they have to pay for a majority or policies,” he said. “With ransomware being so prevalent over the past year, and particularly in the past few months, it is very difficult to get insurance, if not so expensive that it is not a viable option.”
Cole recommends reading any cyber insurance policy carefully.
“Look for exceptions where they don’t pay. In my experience, it’s better to invest the money in effective security because most policies either don’t pay or are too expensive.”
For more information on ransomware, see the July issue of Bicycle Retailer & Industry News.
source https://collegeeducationnewsllc.com/despite-at-least-four-instances-industry-is-not-a-ransomware-target-expert-says/
No comments:
Post a Comment