The Biden Administration issued an urgent message to businesses: Private companies have a duty to protect themselves from cyber threats, not just for their operations but for the public and U.S. economy.
“Everyone needs to wake up and up their game in terms of protecting themselves,” Energy Secretary Jennifer Granholm told NBC.
Alaska businesses are no exception, with security experts warning that ransomware attacks are on the rise.
“Cyber attacks are constantly happening, and they’re escalating,” said Michael Wheeler, owner of Alaska Computer Support, which provides managed IT services for companies across the state.
Alaska Computer Support responded to a dozen ransomware attacks against Alaska businesses in 2020 that encrypted IT networks and demanded payment to release them, Wheeler said.
The hackers were criminal groups from outside the U.S., including Russia and China. Targets included an Alaskan construction company, law firm and doctor’s office, Wheeler said. The victims were small and large businesses, with revenues that ranged from $700,000 to hundreds of millions of dollars.
“These companies came to us as new clients,” Wheeler said. “We first had to direct them to turn everything off to stop the spread of the computer virus.”
The largest ransomware demand was for $80,000, negotiated down to a $25,000 payment, to unlock the company’s computer networks, Wheeler said.
Biggest vulnerability is human
“The big problem is humans at the keyboard,” Wheeler said about how hackers often gain access to a company’s online operations.
Employees and other computer users may unintentionally cause or enable the hacks to happen.
Alaska Computer Support educates companies and their employees about cyber risks and prevention, so they are more aware of their actions online and the potential consequences.
Hackers targeting a business may try to figure out an employee password by browsing the personal information people freely share online.
“Their kids’ birthdays or pets’ names — people post these things publicly on Facebook, and the hackers look for them,” said Wheeler, because they are commonly used as passwords.
Hackers track individual employees to access entire computer systems.
“If I wanted to get access to top-level security at a company, I would find out who is the individual who controls that information and access their personal information,” Wheeler said. “If that person uses a virtual private network that ties into their office to get back-doored into their system at work — from an IT standpoint — that is a vulnerability that is nearly impossible to fight.”
Businesses can take steps to prevent attacks and mitigate the costs that come with a breach, Wheeler said.
Maintaining backup systems offline is critical.
Backups are copies of collected data that protect against human error, malware and computer malfunctions. They help to restore operations after a cyber attack.
The ransomware victims who contact Alaska Computer Support often do not have backup systems, Wheeler said.
Hackers exploit vulnerabilities
No company is safe from a ransomware attack, regardless of size or location, said Anne Neuberger, deputy national security adviser for cyber and emerging technology.
The Biden administration issued a five-point plan urging companies to safeguard against cyber attacks.
It includes developing an incident response plan to address key issues:
How will the company continue operations without access to certain systems? Will the company turn off operations if business systems such as billing are disabled?
Other recommendations include:
• Encouraging employees to have multi-factor authentication to access email, in addition to password protection. Passwords often are compromised. The Colonial Pipeline system was hacked after a password was stolen.
• Deploying an endpoint detection and response system that monitors and mitigates risks. The programs track down and block malicious activity before it can cause damage.
• Making sure a company’s IT team is empowered to patch vulnerabilities rapidly. Hackers seek out systems that fail to fix problems in a timely manner, and they exploit those vulnerabilities.
• Using a third-party tester to stage a cyber attack to check online security and defense. The tester will look for unlocked doors and vulnerabilities.
National conversation on cybersecurity
Private businesses historically do not prioritize cybersecurity and make the investments necessary to protect and defend their online systems, Wheeler said.
But the high-profile Colonial Pipeline attack by the Russian group DarkSide may be changing attitudes.
Wheeler believes that the Colonial attack heightened awareness of ransomware attacks and the toll on consumers, businesses and the economy.
The hack, which led to gasoline shortages, prompted a national conversation that continues today.
“There is a laxness in society that allowed this to happen,” Wheeler said.
“Americans are being targeted. These are massive attacks across networks on a daily basis.”
Contact political reporter Linda F. Hersey at 459-7575 or follow her at twitter.com/FDNMpolitics.