Businesses Need to Act to Scare Away the Hackers

By Bill Yates March 08, 2023

Two cybersecurity specialists spent time trying to scare business owners with stories about businesses that got hacked.

In "Hacking Trends and How Companies Can Fight Back" at ITEXPO 2023 in Ft. Lauderdale, Florida, the pros lamented how good the hackers have become. They also mused about how some company owners continue to resist planning for disaster by backing up data religiously.




The best you can do is try to scare away the less dedicated and sophisticated hackers, the experts said. "At the end of the day, none of us are going to be unhackable," said panelist Valentina Flores, CEO at security software producer Red Sentry. "Try to make them go to an easier target."

Professional hacking groups have thousands of vectors for attack available to them now, she said. "Really, the sky's the limit."

"Over one half of businesses that get hacked don't recover," she said. "They just close down."

Those that do make it all of a sudden find religion in their security software, she said. "The most secure company is a company that got hacked a year ago," she said.

Incorporating a secure backup system is a must if you want to get back on your feet quickly following a hack. "My first word is immutability," said panelist Stacy Hayes, co-founder and executive vice president of Assured Data Protection, a global managed services provider. "A lot of people claim it but don't have it."

Hayes said the first thing many customers do once they realize they got hacked is to "start pulling all the wires out of the backs of the computers." There's no plan, no backup and nobody on staff who can handle the problem, he said.

Companies need the ability to back up code that contains malicious code, then restore the data after the malware has been excised safely. "I say this all the time, cyber response planning is difficult," Hayes said. "But it's a very different thing once the balloon has gone up."

It's not just data that gets compromised during an attack, he said. "The most surprising thing to people after an attack is that they've lost access to their infrastructure," Hayes said.

Telecommunications consultant Peter Radizeski, president of RAD-INFO, moderated the discussion. Who does your company call if they get hacked with ransomware, he asked the panelists.

"Your first call on ransomware is to the FBI," Flores said. "Then you call your insurance company, then you call legal."

The FBI maintains a database of ongoing ransomware infiltration, so they may be able to provide you with information about how to deal with your specific hack, she said.

She suggested companies work with their security vendor to create strong vendor security policies. Flores said that more than 60% of hacks are initiated somewhere in your vendor chain.

Issuing security challenges to your own staff has positive benefits, she said. Keeping employees on their toes so they don't have to take remedial security lessons works, she said. "One of the biggest challenges is getting the customer to take the time to do the drills," she said.

Hayes says he puts his company through infiltration drills at least twice a year. Each effort results in a detailed report that helps them design their defenses against real attacks, he said. His company provides a certificate to clients who pass the test, so they can share it with the board of directors or other potential clients.

If you're new to the cyber security game, or you just haven't taken it seriously, a little effort can go a long way, Flores said. "Changing passwords once a month would be a good first step," she said. "Then get a cybersecurity audit."

"Ten percent of your budget is the minimum you should spend," she said. "It's getting more and more affordable, due to increased competition."

Flores says costs to recover from a professional hack range from $120,000 to $1.2 million. For larger businesses, the tab can run toward $4 million for a serious event, she said. "Whatever you're paying for cybersecurity, it's a lot less than a hack costs," she said.


Edited by Greg Tavarez