By Scott Singer
July 17, 2021
The connected nature of today’s world creates great opportunities for reaching people and customers, but it also allows the same opportunity for hackers. Covid 19 pushed the workforce outside the normal network perimeter generating even more opportunities for hackers. In this environment, it was only a matter of time before ransomware attacks evolved and combined with supply chain attacks.
Ransomware is Increasingly Lucrative for Attackers
Ransomware as a Service (RaaS) is a business model where bad actors can lease software similar to what legitimate Software as a Service (SaaS) developers create. Anyone can subscribe to the service for as little as $40 a month and have access to tools that they would not be able to create themselves. When the average ransomware demand is $234,000 you can see how this could be attractive to those void of ethical business practices. In 2020, the total ransomware revenues were nearly $20 billion up from $11.5 billion the previous year, PurpleSec reports. It has become highly lucrative for attackers and is especially hard on small businesses that have few resources to deal with that type of attack or business shutdown.
Ransomware Attacks Are Targeting Trusted Companies
In the past couple of years, attackers have shifted their crosshairs to target trusted companies as a new threat vector. This type of attack is called a Supply Chain Attack. Attacking a supply chain is a force multiplier for the hacking organization, allowing them to do a targeted attack while catching a wide net of unsuspecting victims. Some recent examples include SolarWinds Orion (an IT performance monitoring tool) and Microsoft Office Exchange Server (which many use for email). Most people update systems without even thinking there is a risk. We have all been conditioned to accept the software updates that happen continuously all the time as a way to protect us from the most recently found vulnerabilities. It is extremely insidious when the trusted patch is itself the vector for the attack.
But SolarWinds and Exchange server aren’t the only attacks you will have heard of this year. The Colonial Pipeline ransomware attack impacted large portions of the US fuel supply for several days up and down the East coast. The ransomware attack on the JBS meat processing facilities resulted in disruption to the processing of the meat supply and contributed to higher prices at the grocery store.
Small Businesses Especially Vulnerable to Ransomware Supply Chain Attacks
Small businesses normally don’t have their own IT groups. They often rely on Managed Service Providers (MSPs). When the MSP gets hit with a ransomware attack it can be devastating to small businesses. These businesses completely rely on their MSP to keep their business up and running. A ransomware attack can virtually take them out of business. Small businesses just don’t have the ability to pay ransoms nor spend the kind of money really needed to protect themselves from these attacks.
Average costs for a Managed Service Provider (MSP) can run to $150 per end user in a business. Adding the costs associated with a Managed Security Service Provider with incident response and a Security Operations Center (SOC) can run up to $200 per user per month. MSPs and MSSPs are different animals. MSP focuses on helpdesk, support and keeping systems up while MSSPs focus on managing the security of devices and systems. In today’s world, businesses that outsource their IT need both. This can become cost prohibitive.
The US government must create incentives for MSSPs to develop cyber security solutions for small business. Grants should be made available to harden and protect these environments. Similar to rebates for installing solar panels on your home, cyber security for small business is in the interest of public good – and the very protection of the Nation’s economy.
As ransomware continues to emerge as a highly targeted threat to businesses of all sizes, and we wait for the government to incentivize better security, small businesses would be wise to follow a few basic strategies to keep themselves safe:
• Make sure you are backing up your critical data regularly, then disconnect the backup from the internet.
• Encrypt your data, if it is stolen it will be useless.
• Patch your systems regularly.
• Turn on multi factor authentication everywhere you can.
Scott Singer is the President of CyberNINES which focuses on providing consulting services to support the DOD (Department of Defense) supply chain in meeting cyber security requirements for protecting CUI (controlled unclassified information).
Recently on June 24, 2021, Scott testified before a US House of Representatives subcommittee on the Cybersecurity Maturity Model Certification (CMMC) framework and its impact on small businesses. Full bio