Updated: Aug 17, 2021
There's no doubt that cybersecurity is being pushed to the forefront of business needs. Cyberintrusions have increased 400% in the Age of COVID, with particular impact on SMBs and in financial fraud. Did you know that the average ransom paid in 2021 is now $310,000 and the average downtime for an organization due to a ransomware attack is 21 days? This can really hurt your business, and that's why Ken and Michael from the A Shot of Business Central and A Beer podcast did a question-and-answer session with Information Technology Specialist Keith Stefanski.
Michael: What is a ransomware attack?
Keith: I guess the first thing I would say is that a ransomware attack is not the actual attack. They’re usually delivered through different means, whether it’s through a Trojan or some other kind of malware infection; this is what usually gets them into your system. Then the ransomware itself is pretty discreet. It doesn’t look like a threat to regular antiviruses and regular spyware scanners. It looks like just a regular program. Then these cybercriminals are using this program to see what you have, where you are, what you’re doing, and to see at what point they can launch this attack once they have the credentials and information they need.
Michael: So, the program is disguised well and could be sitting on your server for a good amount of time?
Keith: Yes, for a good amount of time. The program can be waiting until it gets the proper permission that it needs to do a successful attack.
Ken: I think a lot of SMBs just naturally think they are a 20-million-dollar manufacturer of widgets, they’re kind of under the radar, and nobody is going to come after them, but I don’t think that is really the truth. These are automated programs that are just looking for servers and computers to attack, correct?
Keith: Correct. There’s definitely no discrimination when it comes to these types of attacks. It’s an open game. The cybercriminals don’t care how much money you make, how little you make, what you’re selling, or what you’re not selling.
Michael: To the attackers it must seem like it’s a numbers game.
Keith: Yes, that’s exactly what it is. A lot of these things get started with phishing and spoofing emails. They send out a million emails and hope to get one person to do something and then it just spirals out of control.
Michael: Recently there was a Microsoft Exchange attack known as Hafnium that affected NAV users, Business Central users, and a lot of other people. I’ve heard that in special cases the FBI has been granted permission to access the infected database and clean things up without having to inform you that they are in your system. Is it true that the FBI has been granted access to certain data and does not need to inform the data owner?
Keith: The FBI was granted a search warrant to be able to get into and monitor systems for these known queries that they were seeing with the infections. They were then able to go into the system and disable these web queries without notifying the end user of it. After the fact they did have to notify the business of what they did. These businesses got letters saying what they were able to do and what they were not able to do. What they were able to do was disable these web scripts, and what they weren’t able to do was look at your data or get anything personal off of your system.
Michael: If your organization was breached and you know the FBI cleaned up the infected files, is there a need to still reach out to an IT professional? Is it possible the FBI could have missed something?
Keith: You definitely should be reaching out. I think in the letter from the FBI it tells you that they disabled the lowest end of these scripts and the rest of it is still out there. I’ve seen it personally on a couple of systems. We had to get in there and do cleanup after the fact to get rid of all the rest of it that was under the hood that could have possibly started all over again or opened up doors to other things. So if you’ve received a letter from the FBI, don’t just assume that it’s cleaned up and that you are good to go.
Ken: What about backups for protection?
Keith: That’s the last line of protection. The last frontier of protection for your networks. If all these other protective measures don’t work, having backups is your last thing. Cybercriminals can’t take those from you, especially if they are secure backups. A backup on a USB thumb drive that is still on the server overnight that’s been sitting there for 30 days, it’s probably not a good backup. Cybercriminals can encrypt that and do things to this backup as well. Now, a backup that’s going off to a secure location like Microsoft Cloud, Azure backup, and things like that where you have to have proper keys to get the data out of the system, cybercriminals won’t be able to get up there to get your data out of the system.
Ken: So, cloud backups, am I backing up my whole server so that I can just restore to a virtual server or am I restoring my actual data like my database and my files?
Keith: This is all a la carte and depends on your company’s needs. Maybe the 100-user, 200-million-dollar company wants backup in 4 hours and therefore would need a disaster recovery sitting in the cloud that can be spun up as soon as that network went down. Maybe you have a mom-and-pop 5-user company with a couple hundred gig of data that would be OK with weekly backups and maybe only have a need to back up their data (the stuff they can’t recreate). They can always reinstall QuickBooks, NAV or Business Central, but they can’t get the data back, so there are different ways they can do this depending on their needs and financial resources.
Ken: With Microsoft and Azure is it all based on the volume and the frequency of your backups? So, to be clear, if I’m a smaller company and I’m just backing up my ERP database and maybe a shared network drive up to the cloud, that’s obviously going to cost me much less than, say, a full disaster recovery plan where I can have some servers up and running within a couple hours?
Keith: Correct. There’s no cookie cutter price or option you can give because every company will be different. It doesn’t always go off of how big the company is by employees or by how big their data is. It can be a personal thing. Some people might take it more seriously and know they have every single thing backed up.