Cybercrime is in the news almost as frequently as COVID
It seems not a day goes by lately without reading or seeing a news report of another cyber breach. It’s barely a month since we learned of an attack on America’s largest gas pipeline operator, Colonial Pipeline Co. That ransomware attack shut critical conduits used to deliver fuel from Gulf Coast refineries to Southeast US markets. The shutdown led to fuel shortages across the east coast as Americans approached their Memorial Day weekend. With shortages came reports of panic buying and price spikes.
Not only is cybercrime not going away; it’s escalating and evolving
Then, just over a week ago, another ransomware attack led the globe’s largest meat producer to shut down all its American plant operations – and to reduce or idle operations in Australia and Canada. JBS S.A., a Brazilian company, supplies almost 25% of the US market. Shoppers may see price increases as a result of the breach.
The breaches at Colonial and JBS are but two of the latest; if we were to compile a list of known breaches, it would include high profile organisations and small employers alike, along with civic, health, education and government entities.
Nor is the JBS breach unique within the food sector. Allan Liska, senior security architect at Recorded Future, a cybersecurity analytics firm, has noted in excess of 40 publicly reported ransomware attacks against food companies since May 2020. You’ll note Liska referenced attacks that have been publicly reported. That’s because not all cyber breaches are reported.
The Colonial breach involved a single password
Yesterday, Colonial’s CEO spoke before a US Senate committee, which convened a panel to examine threats to critical US infrastructure. I watched a portion of this session, in which the CEO told senators the hackers accessed Colonial’s system by stealing a single password. The CEO took care to state that the password in question was complicated. It came down to an absence of what’s known as two-factor authentication (2FA), which some refer to as Multi-Factor Authentication (MFA).
Be aware, rather than alarmed
We need to be concerned about such breaches, regardless of where we live, and whether or not we eat meat or rely on gas. I’ve been speaking about cybersecurity at conferences, for corporate audiences and in webinars for some time now, and the problem is not going away. It’s escalating and evolving.
Ransomware and Bitcoin
Cybersecurity firm Herjavec Group recently reported that the average 2021 cost of recovery and ransom related to a ransomware attack has doubled the average 2020 ransom demand. Bitcoin is a form of payment.
On June 7, 2021, US government officials announced the recovery of most of the Bitcoin paid as a result of the cyber attack on Colonial. That country’s Department of Justice recovered roughly 63.7 of the 75 Bitcoin ransom. Given this past month’s declines in Bitcoin values, the late May 2021 seizure represented $2.3 million, or just over 50% of the $4.4 million paid in ransom.
No sector or employer is immune
Herjavec Group recently identified victims of data leak ransomware operations over the first half of 2021. The sectors include manufactured goods, followed by technology and technology service providers, public sector and legal services, finance, healthcare, education, entertainment and energy. Bloomberg News has reported on the significant financial pain hacks have inflicted upon technology, retail and healthcare “giants”.
Through my Weekend Polls over the course of four consecutive years (it’s almost time for a 2021 check-in), I’ve asked readers about their cybersecurity awareness. In June 2020, I asked readers to choose one of three ratings to identify how much of an issue they considered cybersecurity to be – in both the workplace and in their personal lives. Given a rating scale of one (not concerned) to three (very concerned), 69% chose the very concerned rating for the workplace, while 51% chose the same response with respect to cybersecurity in their personal lives.
A whopping 70% said they were aware of cybersecurity breaches having occurred at their current or prior places of employment. Seventy-two percent of respondents said they’d increased attention to and care of cybersecurity given the pandemic and the increase in remote work environments. That was good news, particularly since it’s not uncommon for people to use the same password or passphrase for more than one work account or login. That was the case for 43% of respondents.
Breaches during COVID
Ransomware attacks have become more sophisticated and targeted in this year’s first two fiscal quarters and, while much of the world has been working remotely since early 2020, hackers (“threat actors”) have been having a field day.
Consider a Bloomberg report updated on May 18, 2021. It stated that, since January 2020, 774 million records have been exposed through breaches of 58 corporate, government and non-profit organisations.
Our personal data
In my presentations, I’ve consistently cautioned against the intertwining of personal and business data. When we use even a single piece of hardware for both personal and career purposes, a breach of data on that hardware has potential to impact both aspects of our lives.
Commoditization of personal data is on the rise
Increasingly, with commoditization of personal data also on the rise, we need to be aware of inadvertent or seemingly innocuous browsing and other habits that expose our personal data to risk.
Join me Thursday, June 17th
No one wants to be involved in a cyber breach, or see their employer’s name in headlines as a result of a hack. Countless intelligent people have fallen prey to hackers. It’s easily done, particularly when we spend so much of our lives online. What we need is to be aware of cybersecurity and personal data risks – and to continue to pay attention, since hackers continue to evolve their practices.
That’s why I routinely update this presentation to reflect emerging risks. I’ve expanded the presentation to share insights on why we want to pay attention to the commoditization of personal data, and to be aware of seemingly innocuous online practices in which people may be giving away more data than they realise. The better informed we are, the better positioned we are to mitigate risks.
While we’ll cover some technical terms, I’ve designed this course for those who are not IT experts. If you’d like to learn more and register for this course, you can find details on my Eventbrite page. You can expect common sense ideas on how to recognise and mitigate risks. If we’re based in opposite parts of the globe, you’ll be glad to know registrants also have access to a recording of the live session, along with a companion workbook.