Cyberattack – Why are we so vulnerable

By the end of 2022, it is predicted that not-for-profits, associations, charities and SMEs will face more than 50,000 cyberattacks per day.

99% of those attacks are automatic, randomly generated attacks that can be counteracted by available basic systems (AV, firewalls, SPAM filters, SPAM blockers).

These automatic random attacks are created by in-training cybercriminals and cyber activists (script kiddies).

Although the numbers are astounding they also indicate that we need to be vigilant at all times.

Because we still need to address that 1%.

Those approximately 500 attacks are targeted at YOU and your organisation.

They are focused on gaining access to your stuff, stealing your money or encrypting your data.

How do we stop that?

We do not and cannot stop it by believing “it will never happen to me”, “we are not a target” or “we have nothing worth stealing”.

We stop it by being proactive.

We stop it by taking security seriously.

We stop it with increased awareness!

We stop it with capability.

Doing nothing is not an option.

If you are frozen like a kangaroo in the headlights of a fast-moving truck, then you need a push.

A push in the right direction.

A direction that delivers better business security.

Like any complex and dangerous journey, we start with a single step.

That first simple step is to have a conversation with someone like me.

Cyberattacks

Ransomware – why is it such an issue?

In 2020 we saw a 100% increase in ransomware attacks.

In 2021 we saw a 100% increase in ransomware attacks.

Ransomware attacks are literally doubling each year.

This year can we expect any differently?

With those sorts of statistics, we should be afraid, very afraid.

But we are not.

You would think that we would be concerned.

But we are not!

In fact, in most cases, we make it overly easy for a cybercriminal to steal our stuff.

We need to look at this another way as the bad guys have changed – again.

On the internet, there is now “Ransomware as a service”.

As a criminal, if you have a little bit of money you can get a system that creates and delivers malware to anyone on the internet.

With the success of ransomware, they are guaranteed to make money.

We have to do more.

More than what we are doing, because it is not good enough.

We still use bad passwords.

Have you done a password review?

We have complete backups.

Have we ever tested them?

We have patched systems and operating systems.

Are there any systems that have not been patched?

How do you avoid a ransomware attack?

Is there recovery from ransomware?

That really does depend on you.

A ransomware attack can happen to anyone, at any time and on any system.

If you think “it will not happen to me” then you could have a problem.

Ransomware is the scourge of cybercrime.

It can be enacted by people who have no technical knowledge and are just following a script and system that was downloaded from the internet.

It can be enacted by sending a couple of thousand emails to a list of people that they purchased on the internet.

It can be enacted by targeting a group of internet addresses that they thought would be lucrative.

There used to be a thing called “security by obscurity”, where you could hide on the internet and were relatively secure.

That capability is no longer a viable defence strategy.

If you think you will never be targeted, are too small or have nothing worth stealing, and you do have a cyber event, there is little chance of you being able to recover.

But

If you have a different attitude.

If you think the opposite.

Then there is a chance that you will not be a victim.

If you think that you could be a target then you are already thinking about your response.

You are already thinking proactively.

You are ready to think of contingencies.

Even if you do have a ransomware attack then you already know and your team already knows what to do because you have thought about it.

You have plans, processes, procedures and policies in place.

If you have tested them and improved on them then that makes it even more possible that you will survive.

The old adage “expect the best but plan for the worst” holds true today against the cybercriminal.

Do a podcast they say, it’s easy they say. Sure it is!

Do a podcast they said, it’s easy they said!

Sure it is!

A touch of sarcasm there I am afraid.

My first idea for a podcast was to interview people who had been targeted, exploited and/or who had experienced a cyber event.

It would be full of information about, no wait…..

No one is going to talk about being breached!

That conversation, if they had lost thousands of dollars or worse closed their doors, would be way tooooo painful.

Although it would be of huge benefit to others and my target audience, it would definitely be detrimental to the interviewee’s health.

If they survived, talking about it would have a negative impact on their revenue, reputation and brand.

Not the best idea I have had.

Scratch that!

Second idea!

Let’s interview people in the industry.

A bit of research on the interwebs and it confirmed a long-standing realization that not-for-profit organisations, charities and small and medium businesses are treated shoddily by the cybersecurity industry.

After a couple of conversations, I soon realized that the best in cyber had very little understanding of the space that is occupied by organisations with fewer than 50 staff.

There are a number of people that are in the cyber industry who are wholly based in normal business and who understand cyber and smaller organisations.

I actually hope that I can interview them, but

Most do not understand the challenges and problems associated with a struggling small and medium business environment.

Where making a simple decision could mean that you have a cash flow issue, a marketing issue, a cyber problem or a going-out-of-business problem.

So idea number 3 was born.

There are two areas where everyone has problems in cyberspace.

The first is NFPs, charities and SMEs.

The second is the elderly and mature.

Coming soon as a podcast and video:

“Need help – ask Roger”

Cybersecurity for normal small businesses.

Some straight answers to cyber questions that the others are reluctant to answer.

A podcast about how to build resilience and security into your business from the basics up.

Get answers to the questions that you need to ask about business security.

And to make myself even busier I thought,

“An old person’s take on protecting their digital stuff”

The most under-protected users of the digital world are the elderly, retired and mature.

This part of the population is uneducated and ill-informed but, most importantly, they are innocent of the true capability of the cyber-criminal.

This makes them the number one target for the cyber creep.

They are under constant attack through scams, extortion and fear-mongering.

Hopefully I am going to be launching them both this month; see, lockdown has some advantages.

The first episodes of both of them went live this week; all I have to do is find the URL for them.


Why didn’t I insure my bike?

What If

When I was in the Navy, I was based at Garden Island in Western Australia on and off for 5 years.

In that time I was relatively fit and I represented the Navy in a number of sports.

I would pedal to work (20 km each way) at least 4 days a week.

On a good day, 40 minutes from the front door to the office.

90 minutes on the way home, because you had to stop at the pub to get the goss.

If you know the island you know that there is one problem.

No matter what direction you were going, morning, afternoon or even if you had the luxury of knocking off early, you ran into the wind.

On the causeway, the easterly and the sea breeze were always in your face.

Both of them could get up to 40 km per hour.

The only consolation was the flatness around the area.

One day my bike was stolen.

Taken out of the backyard.

It wasn’t until it was gone that I realized what it was doing in my life, apart from keeping me fit.

I didn’t have to drive so the wife could have the car to ferry the kids and do all of the other stuff she needed to do.

I didn’t have to drive so there was always extra money in the budget for everything we needed.

I could no longer come and go as I pleased, I now had to fit in with everyone else.

I could no longer go to the pub on the way home.

In fact, apart from the initial cost, the bike had cost me nothing.

This is what is happening in the digital world.

We do not know or understand the heavy lifting that our digital devices and services are doing for us.

That is until they are gone.

When they are gone, we realize that the business, organisation, association or ourselves have taken them for granted.

They were doing everything.

So an accidental loss, a cyber event or an insider will cause havoc unless you have stood back and thought:

What If?

What if we turn it all off?

Now what!

That “what if” makes you proactive.

It builds in resilience.

It is the first step to increased revenue, improved capability and scalability.

Have you looked at the business and thought WHAT IF????

Cybersecurity for the C suite executive (CEO, CFO, COO)


Let’s look at the facts!

No matter the size, shape or industry of an organisation, no one is fully prepared for a full-on, bare knuckles, cyber ninja assault.

We are not talking about a random attack, one that is being perpetrated against your organisation with Metasploit and a new copy of Kali.

This attack is from Mr. Creepy!

He knows what he is doing.

He knows what he is after.

But, more importantly, he also knows how to get it.

He has studied your organisation for months to find your weaknesses.

He has the skills and resources (very important) to break in and steal your crown jewels.

These are the people who give my industry grey hairs and stress lines.

Thinking that there is no way that you would be targeted by a professional is a grave mistake.

Because it no longer needs to be a professional!

They are quite happy to train others in the required skills.

They are quite happy to sell others their expertise.

They are quite happy to tell others where they are going wrong.

They have created capabilities and skills that they have incorporated into something to sell.

This increases the capability of the inexperienced cybercriminal immensely.

If you want to avoid being on the radar as a prime target, then YOU NEED TO DO SOMETHING.

Here is something to start with.

Cybersecurity checklist


If you are not worried about a cyber-attack then you have probably not been given the right information

Cybersecurity or business security should be one of those areas of business that keeps you up at night.

To tell you the truth, it should be one of those areas that terrify you!

When the script kiddie targets you with a random automated attack it is not personal, it is just business.

If you have done nothing or very little in the way of protection then you quickly become a victim.

With an average time inside a network of more than 250 days, most organisations have no systems or capabilities to detect attackers, never mind identify or stop them.

From initial infection to the point where your world ends can be as little as 24 hours, or they can sit inside your network and wait.

6 – 12 months is normal.

In that time they are documenting your network, your people, your intellectual property, your systems, your access to money and anything else that they can find.

While you are blissfully unaware of them being there, they are getting ready to deliver the coup de grâce.

In addition, while they are rummaging through your proverbial underwear drawers, your systems could be spamming your friends, running denial-of-service attacks on corporate networks, bitcoin mining and storing porn for pedophiles, all while they destroy your backups and other systems.

And that is just a random capability from an inexperienced criminal; just imagine what Mr. Creepy can do to you if he singles you out and makes you his sole purpose in life!

We have put together a simple 2-page ransomware advice brochure (The before, during and after plan) that could go a long way to reducing the impact of a ransomware attack.


Download your ransomware guide