Cyber Security: A Step to Prevent Ransomware Attacks on Companies
By Darshanaa Varne
Introduction
On May 7th, the Colonial Pipeline, a company that delivers nearly 50% of the fuel used on America’s east coast, had its system compromised by a cyber-attack and had to temporarily shut down the 5,500-mile pipeline of oil. In just a few hours of the attack, the company paid a ransom of over $4 million. This attack by DarkSide was believed to be the largest ransomware attack in the US history on an oil company. Another similar incident occurred in 2021 to JBS, the largest beef supplier in the world. The incident largely impacted the food supply chain in the industry. In order to ensure the confidentiality of their data, the company’s CEO had no choice but to pay up the $11 million ransom as demanded by Revil. Unfortunately, these are not the only two companies that have been victims of ransomware attacks. More and more businesses are being targeted with this malicious act, and every file is vulnerable to encryption.
Cybersecurity, Cyberattacks, and Cyberthreats
These surges in ransomware attacks reinforce the importance of cybersecurity in companies. Cybersecurity protects computers, mobile devices, networks, electronic systems, and servers from cyberattacks. It also defends all categories of data from being damaged or stolen. This includes personal information, protected health information (PHI), personally identifiable information (PII), governmental and industry information systems, intellectual property, and any other sensitive data. There are four main cyberthreats that commonly menace a company.
Firstly, phishing is the practice of cybercriminals who send fraudulent communications that appear to be legitimate requests from a reputable source. Attackers use this strategy, usually through email, to steal sensitive data such as login credentials, passwords, or credit card information. Next, a Man-in-the-middle (Mitm) attack is a type of eavesdropping attack where attackers insert themselves into the middle of a transaction between two parties to intercept information or divert data. This often occurs while using unsecured public Wi-Fi to handle transactions which may result in bank funds being diverted to the attacker’s account. Thirdly, malware, shorthand for malicious software, is designed by cyberattacks to interfere with an organization’s network. Examples of malware include viruses, spyware, and ransomware. Lastly, a Denial-of-service (Dos) attack is a threat that blocks access of users by temporarily flooding the network with traffic that prevents the legitimate use of the service.
Alternative Ways to Limit the Impact of Ransomware Attacks
There are several ways a company can minimize the damage of a breach in cybersecurity. Companies can employ the usage of cloud storing services to backup files and data on the cloud to avoid completely losing them. Businesses should also use software such as Kaspersky, TotalAV, Wireshark, and Nikto that protects against unauthorized exploitation of systems to ensure the privacy of clients and customers. Lastly, companies may train and educate their employees who handle sensitive data through seminars to cultivate a cyber-resilient community in the workplace. This would also equip employees with basic knowledge to maintain their current defense system efficiently, either through monitoring the networks regularly or keeping the software up-to-date with new versions of updates.
Ultimately, the protection of internet-connected systems is essential to avoid catastrophic consequences due to opportunistic cyberattacks. Organizations should maintain a robust security infrastructure to create a safe space for day-to-day operations and confidently pursue the growth of the company.