For companies located in the tristate area, these are troubling times as a convergence of events have increased cybersecurity risk. The White House recently eliminated the role of the top cybersecurity coordinator... A position established in 2009.
This comes at a troubling time for business as the threat of attacks hasn't diminished one bit and is actually increasing. 2017 was a record year for attacks.
More than 14.5 billion malware-laced emails were sent in 2017, and there was a 1,000-percent increase in phishing efforts, according to AppRiver’s annual Global Security Report. The report also notes that 1.9 billion data records were lost or stolen as a result of cyberattacks in the first half of 2017 alone.
2017 illustrated a significantly lower barrier-of-entry to the world of cybercrime with the emergence of malware-as-a-service, with user profile names and credit card numbers readily available on the Dark Web and distribution of 20,000 messages for just $40.
2018 attacks started off with a bang as well with DHS, Forever 21, SSM Health and Oregon State Accident Insurance Fund Corp. being breached at the start of the year. We covered the news on January 4th.
What should concern us the most is the following:
Fairfield County, Connecticut, Westchester County, New York and Manhattan areas have already been targets of major attacks in the past.
In 2015 we reported on how Iran brought a cyberwar to the tristate area via a cyberattack on the Bowman Dam in Rye, NY, located in Westchester County. The infiltration of an industrial control system allowed the attackers to do physical damage to this infrastructure and could have resulted in injuries or deaths.
In 2016 we reported on the indictments of the Iranian hackers involved in these attacks as well as their targeting of 46 financial institutions, many in New York and Connecticut.
After President Trump pulled out of the nuclear agreement with Iran, many speculated the country would respond with cyberattacks. Prominent publications such as Wired, New York Times and ZDNet have run stories on the matter.
According to ZDNet:
A former insider with knowledge of Iran's hacking operations said the attacks are likely to be launched by contractors and thus pose a greater risk of spinning out of control.
Most importantly, those accused of hacking U.S. systems by our government were never apprehended meaning their methods, research and other information is intact and can easily be used to target us again.
Since the Northeast of the United States was a past target, there is no reason to think they won't hit this area again. Crippling banks is a great way to do damage to a country – especially the United States. Reducing confidence in western financial institutions would certainly help the Iranian regime.
As we saw from the last time they came after us, disparate entities were targeted but many were geographically close.
Without a person at the White House to coordinate, manage and advise business on incoming threats – especially in light of a potentially new cyberwar-style attack from Iran, many organizations are at risk.
Small businesses is in particular as they are generally unaware that many companies are put out of business as a result of a cyberattack.
To have a cybersecure company they need an internal IT policy review, penetration test, anomaly detection and team cybersecurity training. Apex Technology Services has an inexpensive way to get access to all these things via low monthly payments via Cyber360.Work. Often, companies need to start with training and for these organizations there is CyberTrain.Work.
To ensure an organization is safe – even if they have internal IT, they need to hire an experienced MSP or MSSP like Apex Technology Services. The company acts as an outsourced CISO and has experience helping numerous financial companies including the Fortune 200.