Protecting Your Organization from Cyber Extortion
Jan 30, 2019
What is cyber extortion?
Cyber extortion has become an increasing cyber threat affecting small and medium-sized businesses in recent years. It’s the act of a hacker demanding money through the use or threat of a malicious activity to an organization’s systems and environment. Frequently, a hacker will use ransomware as a way to infiltrate an organization through hidden links in emails and webpages, providing access to internal systems, in order to demand financial payment.
An example of a recent cyber extortion campaign that occurred was through the hacking collective, Dark Overlord – which are known for attacking schools and medical centers through extortion-based scams. Kicking off 2019, they had allegedly obtained incriminating files of the insurers and wealth management firms of clients involved in the 9/11 attacks, and requested payment in bitcoin to withhold their information from the public. As stated in this article, the FBI believes that Dark Overlord was responsible for an approximate 69 cyber break-ins and the sale of over 100 million records of personally identifiable information.
Cybersecurity Best Practices
How do you protect your organization from cyber extortion in an age where hackers are more creative in breaching systems? Here is a list of different actions and cybersecurity best practices you can make to protect your information.
- Create and utilize a data and file backup strategy
- Ensure high availability by having network redundancy (ISP connections, regional data centers, etc.)
- Conduct security awareness training with heavy focus on phishing, spear phishing, and how hackers compromise businesses through email
- Perform background checks, limit privileges, and separate duties
- Implement appropriate technical controls such as NG Firewalls, IPS/IDS, AV and EDR
- Patch vulnerabilities sooner rather than later
- Have measures in place to detect and protect in DDoS attacks
- Ensure your business has cyber security insurance and adequate coverage
- Utilize a password manager and follow NIST best practices for strong passwords
- Incorporate data breach prevention tools and intrusion detection into your cyber security program
How Secuvant Can Help
Secuvant offers organizations a number of solutions to analyze and detect vulnerabilities in their environment, while making recommendations and providing tools to enhance your cybersecurity and detect and prevent attacks from occurring. Our 5-step approach to assessing cyber risk in your organization begins with a gap and risk assessment, which takes a look at the technology and internal processes you have in place and how they align with the top seven cyber risks we have mapped out. Protecting from cyber extortion scams, ransomware, and phishing includes having the right cyber security practices in place, as well as the right tools. Our managed detection and response service discovers, prevents, detects, and responds to threats 24/7 protecting you from hackers and their attacks, but don’t forget about having a good incident response plan in place in the event a breach does occur. You can never be too prepared in this day and age.
If you’re ready to safeguard your environment and protect your organizations data and information through cybersecurity, reach out to us at firstname.lastname@example.org or 855-732-8826 to learn more about our service offerings.