The danger of complacency makes hackers successful at phishing and ransomware.
The recent Colonial Pipeline cyberattack forced Colonial to shut down the pipeline. The shutdown created widespread fuel shortages in 11 states and Washington, D.C. All pointing to the true vulnerability of our companies and the detrimental effects of being complacent.
Complacency and phishing emails that spread malware are the main reason for the success of cybercriminals and ransomware attacks.
According to a December 2020 Digital Guardian blog titled A History of Ransomware Attacks, “ransomware has been a prominent threat to enterprises, SMBs, and individuals alike since the mid-2000s.”
Separately, according to the National Cyber Investigative Joint Task Force (NCIJTF), crimes such as financial fraud and identity theft are being exploited via the internet and technology through “the global cyber domain” every day.
To address this “evolving cyber challenge,” the NCIJTF released this FBI-IC3 Ransomware PDF Fact Sheet to educate the public on the ransomware threat.
The FBI’s Internet Crime Complaint Center (IC3) defines ransomware as; “a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible.
The irony to this evolving cyber challenge is that ransomware was originally intended to target individual consumers. Consumers are low stake opportunities but are still targets.
Instead, cybercriminals have taken ransomware to a more lucrative level by targeting higher-stakes opportunities such as:
- healthcare (hospitals, medical groups, and dental groups),
- professional services (law firms, accounting firms, and consulting firms),
- education (high schools, community colleges, and colleges),
- government agencies (law enforcement, city, and federal agencies).
In addition, digital money or cryptocurrencies such as Bitcoin and Ethereum are now targets. Cryptocurrencies are difficult to trace and can be transferred electronically without financial institutions that are regulated by governments. This fact has made ransomware more profitable than stealing data and selling it on the Dark Web.
What to do about it.
Consumers and employees – especially small business employees – should receive security training on a regular basis. Education about the latest security threats via online education and phishing simulation tests can dramatically reduce the threat.
The reality is that cybercriminals depend on the phrase “breach fatigue” and for consumers and employees to be complacent and careless about cybersecurity.
Two good examples of email security threats that consumers and employees need to be aware of are (1) spoofing and phishing and (2) Business Email Compromise.
To conclude, the potential for cybercriminals to shut down your home computer, the company you work for, or critical infrastructures such as gas pipelines, electric grids, and water supplies; along with mass transportation, railways, bridges, tunnels, and even airlines – should be enough motivation for consumers and employees to NOT be complacent. Because… Complacency makes hackers successful!
By Mark Pribish
Vice President and ID Theft Practice Leader