Depending on the scope of the attack, the cost of getting hacked can be in the hundreds of thousands or more. Here’s what you need to know. 

When it comes to cyberattacks, all too often the bad guys win. Hackers have targeted local governments, airports, banks, and businesses, stealing usernames, passwords, and sensitive private data. While they may sell this information on the black market, they often hold it for ransom. With no other way to retrieve the stolen data, victims are forced to buy back their belongings while the thief vanishes into anonymity. Here is a look into the true price of getting hacked and what you can do to protect yourself.

Lake City, Florida mayor Stephen Witt announced that the city would pay hackers $460,000 to recover stolen data. The thieves seized control of major email servers, bringing the city’s operations to a grinding halt. Witt claimed that cyber insurance would cover all but $10,000 of the ransom, though it’s uncertain whether the city met the policy’s criteria for protection.

Ransomware: An Alarming Trend

Ransomware attacks are on the rise, and victims are paying exorbitant sums to regain their data. Three attacks occurred in April 2019 alone, hitting Tallahassee, Augusta, and the Cleveland Hopkins International Airport. The ransomware forced operations to close, with the Tallahassee attack costing the city nearly a half-million. Hackers frequently target municipalities and government organizations knowing the high value of the stolen data and its importance in operations. In many cases, the data isn’t exactly stolen, but encrypted to prevent access. After the ransom is paid, the hackers unlock the data, or so they promise.

Research conducted by SentinelOne found that only 26% of U.S. companies that fell victim to ransomware and paid the ransom were able to access their files. And even if the hackers honor their end of the deal, they may attack again. In fact, organizations that ponied up the cash were hit again 73% of the time. What’s worse is that some cybersecurity providers are in cahoots with hackers, splitting the ransom between them.

 

MSPs at Risk

Managed service providers (MSPs) are often the strongest line of defense against hackers. Unfortunately, hackers know this and have started to attack the software and systems that MSPs use to protect customer data. By infecting these systems with malware, hackers can access account credentials and use them to log in to customer accounts. They can then obtain bank accounts, addresses, phone numbers, credit card numbers, and other private data.

How Can MSPs Fight Back?

As hackers become more adept, MSPs need to step up their game. Frequent testing of defense systems, backup and recovery plans, and other cybersecurity measures is a must. The National Institute of Standards and Technology (NIST) has published a framework to mitigate cybersecurity risk to assist MSPs in keeping hackers at bay.

As is the case in medicine, prevention is the best cure for cyberattacks. Cities, corporations, and businesses must work together with MSPs to reduce their likelihood of being targeted and have multiple plans in place if a breach occurs. By staying proactive, the good guys can make it difficult for hackers to get what they want.

Protect Yourself from Potential Attacks Via Chrome Extensions

Learn two simple ways to set the privacy and activity settings for each Google Chrome extension on your browser and steps the company is taking to protect users.

Google’s Chrome web browser is a popular choice for businesses the world over. Managing the extensions gives you more control and faster results when using Chrome to its best. Here’s a closer look at Chrome add-ons and how to use them effectively.

And with emerging cyberthreats targeting browsers, now is an important time to know your way around the extensions.

What Is the History of Google Chrome Extensions?

Google introduced Chrome in 2008. By 2010, there were more than 10,000 extensions available in the Chrome Web Store. Today, the company does not release the number available, but it’s estimated to be in the hundreds of thousands.

That growth brings with it an increasing vulnerability to attacks via vectors embedded in extensions. The company does work to keep malicious extensions out of its store but mistakes are possible. Other extensions can invade users’ privacy.

Should I Uninstall All Chrome Extensions?

Deleting all extensions is not necessary. Instead, use these two helpful tools to manage your extensions better and control permissions you provide to the add-in.

1. Use Extension Icons

To the right of the address bar, you’ll find icons representing the extensions you’ve installed. If you right-click on an icon, you’ll see an option titled “This can read and change site data” with three options:

• When you click the extension
• On [the site you’re on]
• On all sites

The default is the first option, which limits the use of the extension to user-activated times. If an extension is “loud,” meaning it uses a lot of bandwidth, these settings can provide more control.

2. Use Extension Settings

If you click on the hamburger menu icon to the far right of your address bar, you can click on the option “More tools” and click on “Extensions.” This will bring up a screen with a box for each installed extension. Click on the Details button for any extension you want to modify. You’ll see the three options again, but also an option to add the URLs of specific sites on which you want the extension activated.

What Can Go Wrong with Browser Extensions?

There are several risks to installing browser extensions. Here are a few of the ways extensions can do harm:

• Malicious intent. Malware can be installed unknowingly that uses your computer for other purposes. Kaspersky, for example, noted a recent example of extensions that made money for the hacker by clicking on pay-per-click ads.
• Hijacking. If a hacker steals a designer’s credentials, an extension can be compromised by changing the functionality or inserting malware.
• Purchases. Extensions are hard for designers to monetize. That’s why many are eager to sell their code if approached by a buyer. Users are usually unaware if extensions change hands, meaning a previously well-intentioned add-on can be repurposed.

Is Google Addressing Extension Security?

Google recently announced steps it’s taking to combat the security issues with extensions. Among its changes:

• More granular user permission options
• A requirement that extensions only request access to the minimum amount of user data needed to operate
• Expanding privacy rules for extensions. Those that carry user communications and user content will join those that handle personal or sensitive user data and need to post privacy policies

Proactive steps combined with Google’s efforts are critical to keeping your browsing and data safe and secure.

August 2019 Newsletter

Traditional business risk has fallen into a few different buckets with the economy and competitors being two of the major forces under consideration. The tides change, and businesses today must add some additional items to that list and one of the most important is the issue of data security.

View Newsletter