Just how scary can a ransomware attack be?
“Our hospital is down.”
A ransomware attack targeting more than a dozen hospitals in England has crippled their ability to treat patients. 16 hospitals have had to cancel surgeries, divert patients, and even lost access to their phone system because of the cyber attack on Friday, May 12, 2017.
In the ransomware attack, hackers gained access to internal systems, locked the files, and demanded payment in Bitcoin. The hacker threatened to delete files and increase the fee as time passed.
The hospitals shut down all IT systems to protect them. But, clearly, it’s already too late.
Emboldened by successful attacks, the hackers are setting their sights on larger targets, while increasing the number of small and midsized businesses they go after.
Employees continue to be the weakest link in your company’s IT security.
Along with ensuring you have the proper security tools in place, it is vital employees attend cyber security training. It is also a best practice to update employees about cyber security risks through updated information in company newsletters or regular training courses.
You can get started with this training by downloading TNT’s whitepaper “Top Tips for Internet Security at work” to distribute to your employ
The Network Team president Jeff Gaura has extensive training in cyber security, and you can hire him to come onsite to perform cyber security training. Call 980-263-2850 to learn more about those services.
Preventing the Success of Ransomware Attacks
From an IT level, a solid business continuity plan is one of the best ways to prevent a ransomware attack from succeeding.
Anti-virus software and simple backups are not enough to save your files and keep your business running. You need a solution that can verify backups, deliver instant cloud virtualization, has the ability to see into your files and know when the virus took hold, and perform a restore that takes minutes, not hours or days. Business continuity will give you access to your captive data.
Stay ahead of the hackers trying to get into your network. Download “The Business Guide to Ransomware.”
The Internet of Things legal woes
Surely, you’ve received something in the mail (yes, things of interest and concern do show up in a non-electronic format these days) referencing a recall for something you own with the fine print including the word “defect.” Cars come to mind as the most obvious item that gets subject to defects and subsequent recalls.
In nearly all cases, the manufacturer who made the product had no idea that the product was defective when they implemented it and started selling it. In some instances, the defect doesn’t rear its head until years after the product is released. Airbags and seat belts come to mind as splendid examples of items found to be defective literally years after people started using them.
Let’s apply this culture of discovery and litigation that defines US business and extrapolate as to how this shall pan out. Better yet, let’s look at some real-life examples in the space now called Internet of Things.
Imagine a hacker finds a vulnerability in, say, an IP enabled watch. Anyone exploiting such a vulnerability would be committing a felony, but luckily, no exploit happens. But before you know it, the watch manufacturer is slapped with a class action lawsuit claiming economic injury because some consumers would not have bought the oven if they knew it was “defective”—i.e., that it was susceptible to potential third party “hacking.”
Cases already underway
Far-fetched? Anything but! Two cases of this very event have gone to litigation, and there most certainly are a backlog of other cases yet to be heard. In Cohen vs. Toyota Motor Corp plaintiffs claim that vehicles that contain electronic control units could be hacked, even though no such exploit or breach has been found. The plaintiff seeks monetary damages despite the lack of any loss. A district court in California dismissed the suit but it is now on appeal in the 9th circuit. Flynn vs. FCA US LLC, alleges vulnerabilities in Chrysler’s uConnect system that they argue could allow a hacker to take control of the vehicle.
COULD allow, not HAS allowed.
In each case, the plaintiff knows that their claim is based on the court’s definition of “defective.” In the event that the FCC or similar entity doesn’t begin to regulate or define additional standards for I of Tthings devices, you should anticipate that the big technology manufacturers most capable of creating and taking to market IoT innovation shall remain in hiding. Under the old-world definition of “defective” Windows CE devices, Windows XP, older IOS enabled devices and the like are on a collision course to be labelled as defective, once they are deemed to be “end of life” and end users will have a legal recourse if they get hacked, long after the devices are no longer useful.
The pink elephant in the room is that IoT devices have populated our workspace, and they are, for practical purposes, untracked and unmonitored. The job is in the court’s hands to sort out, and there is just no way this item is that important to them, when compared with all the other items that traverse the dockets of our current judicial system.
Get smart with Internet of Things. Recognize that there is no standard for the manufacture and care for IoT devices. Create some policy for the use and implementation of IoT devices that engages both your management/leadership and your IT department, before the unthinkable happens.
“The best way to explain TNT and their work is that they exceed expectations…in ability, intelligence, dedication, customer care, responsiveness, etc.” Ashely Lantz, Turning Point Executive Director of TNT's managed IT services
Turning Point is a non-profit based in Monroe, NC that aims to end domestic and sexual assault. Executive director Ashley Lantz approached The Network Team after receiving less than ideal experience with the current IT provider. This included frequent disruptions in service that adversely affected the ability of employees to do their jobs effectively. The current managed IT services provider was not meeting expectations with regards to responsiveness and on-site support.
The Network Team performed a migration project that enabled Turning Point’s technology environment to be better equipped in serving its business needs. This included moving Turning Point’s server from their old MSP’s cloud to on-premises, ensuring better up-time availability and simplifying the setup, as well as migrating Turning Point’s e-mail services to the Microsoft Office 365 cloud. TNT also installed Cisco Meraki access points, switching, and a firewall for better WiFi coverage, faster connection speeds, and more reliable security. Referencing the project, Lantz noted that
“TNT has provided the BEST customer service and dedication to our needs that I have ever had. They have consistently exceeded my expectations in response time and grit to get the transition completed successfully. Any issues that have occurred have been corrected. The engineers worked through the night to have us ready to work the next day.”
TNT will continue to proactively manage the IT environment of Turning Point, providing help desk support via e-mail, phone, ticketing system, chat and on-site support. TNT will also proactively monitor the server, switches, firewall and wireless access points, and maintain continuous IT security.
“I have nothing but great things to say about our transition from our old IT provider to The Network Team (TNT). They worked diligently to make sure that everything was taken care of. We met from the start to decide what was needed and they worked with ourold provider to make sure that everything was moved over correctly. IT transitions are always scary, but TNT made sure to answer all of our questions and worked around the clock to make sure that we weren’t down during this time,” said Lantz.
Wondering if Managed IT Services can help your business? Learn more by downloading our free E-Book, "Should Your Company Outsource IT?"
“Let’s hack and disable your cell phone. Start whistling in three, two, one, GO!”
Researchers at the University of Michigan and University of South Carolina claim to have discovered that music could be used to disable or, to a certain extent, even control some IoT devices. The researchers say they were able, through sound waves, to add steps to a Fitbit tracker and interfere with a cell phone app’s ability to control and access Internet of Things devices.
What does this mean? As IP enabled devices become more and more common, we are culturally on a course that the most likely device that we will use to control and interface with them is our cell phones. These IoT devices use chip based devices that are built upon the architecture of micromechanical systems (MEMs). Since these devices lack standards or shared design criteria, there is no governing body to say, “this is good or this is bad,” when a new product comes out.
Common examples where exploits are known and published include the interfaces between fitbits, drones and toy cars with your cell phone.
There are IoT devices in your workplace, today, whether you approved them or not. For example, I am wearing a Garmin watch that supports Bluetooth and wireless, and it is connect to our office public Wi-Fi. Since I know the logon information for the corporate Wi-Fi, I COULD put my watch on the private network, and, more likely than not, no one would know that it was a watch. After all, it has logged on with a valid username and password, and it is logging on from a known location-the office. What if my watch got hacked and became a proxy for, say, a server that was sending out inappropriate content?
Who is at fault? The network admin for not having enough security? Me, for not notifying the network admin that I have an IP enabled watch? Garmin, for making a watch that is hackable?
The IoT world is changing who we use technology. The lack of standards or the inability to track device proliferation shall make the news with ever growing frequency.
It is best to respond to this threat before it is a problem. Mobile Device Management can help. Learn more about TNT's Mobile Device options here.