Ignorance Isn’t Bliss When it Comes to Cybercrime
The things you don’t know can’t possibly hurt you, right? The old “ignorance is bliss” philosophy may have been acceptable before the information age, but today, ill-conceived opinions and ideas that find their way to a keyboard can destroy your business. You must think more carefully about the things you do and what you and your team members may say in public forums. If not, you may ruin your brand and take food off the table of employees and other colleagues and their families.
Information can be both useful and damaging to a business. For example, something that caught my attention recently that didn’t get much play outside the channel was the emergence of Sodinokibi. This cybercrime syndicate uses malware to steal companies’ data and sells it to the highest bidder. As you’d expect, those hackers are targeting sensitive financial information that competitors would love to get their hands on, as well as sensitive and embarrassing documents and email conversations. The objective is to blackmail the company using that information. If the demands of those cybercriminals are not met, the sensitive data will be released or sold, which will compromise the targeted company and harm its reputation.
One of that group’s more notable heists was an attack on the law firm of Grubman, Shie, Meiselas, and Sacks. While you may not recognize their name (count me in that group), they represent some of the world’s A-list stars, including Bruce Springsteen, Madonna, and Elton John.
In the Grubman data heist, the Sodinokibi ransom demand was $42 million, with the cybercriminals threatening to destroy the company if their requests were not fulfilled. The syndicate also suggested other high-profile clients and associates, including Donald Trump, would be pulled in if they didn’t pay. If unsuccessful, they planned to release personal emails with humiliating and damaging information.
Cybersecurity Concerns on the Rise
The Sodinokibi Jefe release was just the tip of the iceberg. Most recently, they leaked sensitive information on two of the largest wholesalers, Harvest Food Distributors, and Sherwood Food Distributors. Cybercriminals demanded $7.5 million to go away after successfully stealing proprietary information, personal data on vendors, and employees’ email conversations. Imagine being a fly on the wall listening to those corporate discussions.
Why has 2020 been such a big year for Sodinokibi? First, people are distracted with all the problems in the workplace during the COVID-19 pandemic, as well as all and other issues facing our nation. Second, ransom amounts for this type of extortion have increased by 33% from Q4, 2019, and those numbers continue to grow. Finally, the work from home situation makes many employees easy targets.
The remote workforce is more vulnerable than ever. People share computers with family members, access work systems without using a firewall, and use antiquated equipment with few if any security measures in place. What a haven for hackers!
People are the Weak Link
Human ignorance is the new cybersecurity Camelot. Things such as the unfiltered dialogue between employees, when exposed, can put the whole company at risk. Ransom demands over damaging personal information can be as big of a problem as cybercriminals holding valuable business data hostage. Without multiple layers of security in place to compensate for employee mistakes, your clients are at high risk.
Email is one of the biggest failure points. Employees tend to share too much information all too freely when they should be communicating like someone under surveillance talking with their hands over their mouths. A little caution goes a long way.
Companies can be destroyed with the information that comes from the mouths of senior executives or the intern who works just three weeks of the summer. MSPs may not be able to stop loose lips, but they can remind clients to use tools that protect vital communications and stored data.
Ignorance is no longer bliss! You have what it takes to help businesses protect their communications, whether their people know it or not.
Author Matt Scully is channel chief at Mailprotector. Read more guest blogs from Mailprotector here.