An uptick of coronavirus-themed cyber attacks on hospitals, pharmaceutical laboratories and even the trucking industry in recent weeks reveal the need for businesses to double down on security to ensure their networks are protected, a leading cyber security expert said.
Many of the attacks were ransomware, holding companies’ network systems hostage until a payout was made.
Some companies, particularly small and mid-sized businesses, might not survive such an attack, said John Zanni, CEO of Scottsdale-based Acronis SCS, a leader in edge data security and cyber protection in the U.S. public sector.
“The pandemic has increased impacts on businesses significantly. Unfortunately, many are not equipped to deal with them,” said Zanni, whose company caters to public sector entities including local, state and federal government organizations as well as branches of the U.S. military.
Zanni strongly advises organizations to beef up network safety. The cost is minimal and today’s technology is highly effective.
A large organization that has its IT system knocked out can pay in the “hundreds of thousands to millions of dollars” to fly in a forensics firm to fix the damage, Zanni said. For smaller private sector entities, the cost can put them out of commission.
“If someone breaks into your business, you call 911,” he said. “If you call 911 and say, ‘I’m suffering a ransomware attack,’ they don’t know what to do. It’s a big problem.”
COVID-19 has brought the issue into the limelight as more employees work from home, doctors conduct telemedicine appointments, and online purchases soar.
Cyber criminals wreaking havoc with the word “corona”
Under COVID-19, cyber criminals are having a field day, honing in on companies in countries like the United States that are in the throes of fighting the virus.
To illustrate the threat, only 190 domain names included the word ‘corona’ last year, Zanni said. In March, there were more than 30,000.
“Some are legitimate but most of them are not,” he said. “We’ve also seen a 127 percent increase in exposed desktop protocol endpoints.
“So now we’re all working at home and the bad guys have realized there are a lot of holes in being connected to a corporate network or other business from home systems.”
Anyone with connectivity is at risk. Phishing scams claiming to be from the Centers for Disease Control and the World Health Organization are a common ruse right now.
Government agencies number one target
While all businesses are at risk, the majority of cyber attackers target government agencies in search of sensitive data, Zanni said. That impacts businesses as well.
When Baltimore had to shut down operations after a cyber attack last year, companies were unable to carry out everyday transactions like getting permits approved and bills paid. The city lost millions of dollars in potential and delayed revenue.
Atlanta and New Orleans also were hit by cyber attacks in the past two years, also costing millions of dollars in recovery costs.
Lawmakers starting to act
Attacks like these are prompting new state-level policies regarding whether government agencies should be permitted to pay ransoms in ransomware attacks.
Last year, Congress also introduced the IoT Cybersecurity Improvement Act to use the federal government’s procurement power by requiring that devices purchased by the U.S. government meet certain minimum security requirements. That could lead the way for manufacturers to include security in all devices.
It’s one of many cyber security bills awaiting action in Congress.
Concerned over the rash of COVID-19-related threats, a coalition of major tech groups also is asking Congress to allocate a portion of the next coronavirus stimulus bill to help local and state governments to defend against the costly attacks.
All-in-one solution for online security
Meanwhile, companies can protect themselves with minimal investment in solutions that do more than just block viruses and malware, Zanni said.
Acronis SCS and its international parent company, Acronis AIG, are the first to provide integrated security features in one package, he said.
In addition to endpoint security features like anti-malware and anti-ransomware, they provide backup, disaster recovery, storage, and patch management capabilities. While Acronis SCS exclusively serves US public sector organizations, Acronis AIG serves the commercial market. With Acronis AIG, small and medium-sized businesses with a larger server will pay about $1,500 a year. For a home user, the cost is about $50 per year.
Multi-step authentication to become the norm
In the near future, extra security measures will become the norm, Zanni believes.
COVID-19 is accelerating the need for it. Gone are the days when people left their doors unlocked and their keys in their cars, he said.
Digital devices are moving in a similar direction, he said. A safe login and password will no longer be sufficient. Dual factor authentication and integrated cyber security protection will become business as usual.
“This is just as important as locking the doors of your business at night.”