This summer, while most of us were on vacation and enjoying barbeques, ISIS supporters were busy attacking websites and wreaking havoc on the web.

Although dozens of sites were hacked and defaced with a grave warning to the American people, the event didn’t get covered widely.

The site brookhavenny.gov was down for 24 hours as a result of this breach.

The same pro-ISIS messages appeared on 75 other pages around the world, including government websites for Ohio and Maryland. The Department of Public Safety said the FBI and U.S. Department of Homeland Security are investigating the hacks. The Suffolk County Police Department’s cybercrime unit is taking part in the investigation of the Brookhaven hack.

Although this news dates back to June, it doesn’t mean it still isn’t of critical importance to other New York organizations and companies – especially businesses with assets to protect.

Aside from spreading propaganda, ISIS has an insatiable need for cash and was said to be benefiting from ransomware attacks. We had reached out to the FBI about liability associated with sending money to ISIS in response to a cyberextortion attack and didn’t hear back. Either way, you likely don’t want to send money to people you don’t know – even if your files are important to you and you need to get them back.

What’s the alternative?

The best defense against cybercriminals and hackers in general is to ensure your systems are as secure as possible. At the moment there is a major lack of cybersecurity talent available because of the major demand. As a result, your best bet is to look for a managed service provider (MSP) with cybersecurity expertise to help. Otherwise known as IT service providers, these firms can do a few things for your company which should help you sleep better at night.

1. Auditing and documentation of your systems is a fantastic way to get an outside perspective on what needs a to be modified to ensure your systems are as safe as possible. Quite often this is done in a new company when a new CEO or CFO comes in or if there is some reason to be suspicious of a past worker or contractor. The reality is, there is no bad time to do this.
2. Business continuity solutions such as backups which can be stored onsite and in the cloud is another area where an IT consultant can help.
3. Employee Cybersecurity training is another crucial area to consider – the workers in a company are the weakest link and quite often attackers are able to trick them into clicking links which encrypt your files and bring your business to a halt or even wire money to the hackers. This happens much more often than you would believe – we’re aware of hundreds of thousands of dollars which have been sent and a similar amount which was almost sent.
4. Penetration testing of your systems to ensure holes are buttoned up. Companies are often surprised just how vulnerable their systems were after they receive the results from such a test.

The bottom line is cybersecurity is now a CEO responsibility. Companies can no longer function if they are hit with a significant attack. They could be on the hook for the loss of business as well as loss of customers because credit card or other personal information is leaked. The reputational damage and resulting lawsuits should be a nother concern.

In other cases, compliance organizations require an audit and the company doesn’t have time to respond quickly to get their systems updated before the auditors arrive.

The bottom line, is although in the overall scheme of things, a single website being defaced isn't the end of the world. It shows just how easy it is for hackers to get into systems we thought were secure. Once there, they can do immeasurable damage. You need to be prepared before this happens to you and if it has, don’t expect it to be the last time.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.