To quote the Fiddler on the Roof. “That I can tell you in one word.”
It’s an ever-growing global threat where the attackers hide behind computer screens and everyone from governments, industries, and individual private citizens is affected. It’s here and it goes way beyond the short-term inconveniences of skipping beef for Father’s Day or waiting in long lines for gas. It’s nothing short of a national security threat.
And as long as it’s profitable to the tune of billions of dollars, it’s not going anywhere.
How Did We Get Here?
According to the The New York Times reporting, the Facebook model of “move fast and break things” is catching up with us. Companies followed this model to build their systems quickly and beat competitors to the market. And now the age-old lesson that cutting corners ends up being worse for you in the long run? Well, here it is—hitting companies with painful consequences like like enormous ransom fees, loss of business operations, compromised data and damaged reputations.
While it’s a very rude awakening, it’s not a new problem. Attackers have been honing their skills and wreaking havoc quietly for years. What started with attacks on individual devices for a few hundred dollars at a time has grown into this current issue that puts billions of dollars on the line and includes national security risks.
What’s new about it is that people are feeling the effects personally.
Who Is Behind The Attacks?
According to published sources most of the attackers have one thing in common: They originate in Russia. Attackers write code specifically designed to bypass Russian businesses and the government has given them a free pass. Putin will not prosecute cybercriminals or extradite them upon U.S. request. Experts believe that Putin operates under two unspoken rules:
- Don’t attack Russian businesses.
- Be ready to do favors for the Russian government upon request. (who? the attackers should be ready to do favors?
What If Companies Don’t Pay?
In 2019, cybercriminals attacked the city of Baltimore and demanded $75,000. Baltimore decided not to pay it and ended up paying $18 million to rebuild the systems instead. The theory is that if all companies refuse to pay, hackers lose their leverage and incentive.
But the bigger the impact, the more leverage the attackers have. When you see hospitals turning away ambulances at the door because they have no way to intake new patients, it becomes really hard to ignore or take the time to rebuild systems altogether. It’s not illegal to pay the attackers and many companies find it much more cost effective just to pay up.
Hackers, then, are rewarded for their efforts and the cycle continues. The result? Companies spend millions in ransom to get their compromised systems running again, individuals have their personal information compromised regularly and governments are grappling with an issue they’re now ranking as dangerous to national security as terrorism.
&^$#! What Can We Do About it?
On an individual level, it really is as simple and unglamorous as brushing up on cyber hygiene. The Daily podcast cites the saying that,”security is only as good as your weakest link” and it usually ends up that the weakest links are employees and individuals. The Colonial Pipeline attack was traced back to a single employee with a compromised inactive account. What kind of account?
Josh Hornung at Hornung Technology Services, which specializes in IT Support and Cyber Security services said, “A good unique password for each site is step one. Enabling two-factor or multi-factor authentication everywhere you can is step two. Too many people use the same password across many accounts, which is how a lot of this stuff happens nowadays.”
Even the professionals aren’t immune. Hornung knew of an IT professional at a different company who got hacked. He said the attackers “stole a spreadsheet where he kept all of his clients’ logins and security info.” From there, they “started logging into his clients and infecting them with ransomware.”
On a company level, you can either build your systems correctly on the front end and save yourself a world of hurt or you can fix the problem retroactively and pay dearly for it. And no matter what: the right time to start fixing what’s broken is right now. To quote Hornung, “It’s wild out there!”
How Does PayReel Keep Clients Safe?
With the mountains of personally identifiable information we handle each day, security is hugely important to us. We train our employees regularly on cybersecurity and we pay people to try to infiltrate our systems just to find vulnerabilities. At this point, such penetration tests might be a good idea for most companies—even those who only handle smaller scale data.
That might not seem very glamorous, but in this case, boring is exactly what you want. If your systems are secure, hackers may be inclined to move along to the low-hanging fruit and leave you alone. Either that or you can become fluent in Russian and start operating all of your business in Russian. (in Russian or in Russia?) нет? Okay, well then get on it.
Note: We relied heavily on The Daily’s June 8th podcast episode “Who is Hacking the U.S. Economy?” for this post.