The Colonial Pipeline cyber attack served as a wake-up call to businesses — or at least it should have.

The attack crippled the fuel supply up and down the Atlantic Seaboard for almost a week, causing gasoline shortages and dramatically higher gas prices throughout the states of Alabama, Georgia, the Carolinas, and Virginia.

In this case, it appears that a hacking gang called “Darkside” breeched Colonial Pipeline’s network and demanded a ransom payment from the company to restore its data. The hackers demanded $5 million, of which Colonial paid $4.4 million to restore the company’s data. This isn’t a trend anyone, except the hackers, would want to continue. The average ransomware demand in 2020 was nearly $850,000, with an average demand of $2.9 million for a large enterprise.1

Colonial Pipeline’s woes didn’t stop after paying the ransom. A class-action lawsuit, filed May 18, 2021 alleges the company and its owners “acted negligently by employing lax cybersecurity standards that left the company vulnerable to a massive ransomware attack” that harmed consumers.2

What is ransomware?

Ransomware is a form of malware that fraudsters use to gain access and control of a business’s network. They then lock the network, denying access to business-critical data until a ransom is paid. To make matters worse, often backup systems are also disabled to prevent network restoration.

Ransoms are usually paid in cryptocurrency because it’s hard to track. But even if the company pays or otherwise regains access to its data, there’s no guarantee that the criminals haven’t already sold it to others. Or that they won’t target the business again. Remember, these people don’t possess a high moral compass.

If you think your company is too obscure to be targeted, think again. Ransomware attacks aren’t just targeted at critical infrastructure or blue-chip corporations, and their initial goal isn’t always money.

While many ransomware schemes are designed to hold corporate networks hostage, today’s sophisticated hackers aren’t afraid to go after whatever they can get. It begins with data.

Police departments, healthcare providers, law offices and schools are frequently attacked because they gather personally identifiable information (PII), social security numbers, logins, and sensitive data (police mugshots or lists of confidential informants, for example). Manufacturers are targeted for proprietary intellectual property such as patents and processes, and financial services companies for their consumer and business data.

Rather than pondering the likelihood of an attack, ask yourself these important questions:

• What’s at stake?
• How long can you be without your data?
• What will be the long-term impact of a cyber attack or your response?

You should carefully consider not only the financial impact of an attack, but also the potential effects on your reputation, your customers, partners, and suppliers.

How to prevent a cyber attack.

The good news for most businesses is that elementary security measures are the best cyber risk mitigation tools.

• Keep your firewall and antiviral software current. Threats are constantly evolving. Your network protection should as well. Ensure your security rules, procedures and processes are up to date. Include heuristic analysis in your antivirus solution to detect unfamiliar threats and variants.

• Implement a multi-layered security solution. The more hoops to jump through, the harder it will be for fraudsters to penetrate your network. Ideally, you want network monitoring and intrusion (IDS), intrusion prevention (IPS) and anti-malware. Don’t forget two-factor authentication and a password manager.

• Secure every device that touches your network. Out-of-date or jailbroken devices create open doorways for hackers.

• Don’t skimp on IT. Your network design, implementation and maintenance can be a lifeline. Up-to-date hardware and software are simply harder to hack. Be sure you’re working with a nimble IT team that’s aware of the latest threats and countermeasures and is ready to act in case of a breech. Insist on frequent network audits and scans for new accounts, open ports, and unusual remote connections. And always apply security patches as they are released.

• Use and test backups. Backups are only useful when they work. They must contain the information you need (current and historical) and be quickly accessible. After backing up data, disconnect the drive. Again, ransomware is known to also encrypt backup drives. Consider offsite storage and the cloud for extra protection.

• Don’t click on unfamiliar or suspicious links. Of course, everyone knows this. But given the sophistication of today’s cyber attacks, it can be hard to discern a legitimate email link from a phishing scam. Be sure your employees know what to look for.

• Limit publicly shared information. Social media is a treasure trove for spear phishing, which targets specific individuals and companies for things like job titles, interests, etc. Your social media policy should limit work-related information shared.

• Restrict administrative rights. Limit employees’ ability to install software as well access to certain data. Only share sensitive information on a “need-to-know” basis. Group Policy Objects, a collection of client and system control settings, provide rules and restrictions for file executions. This further reduces the risk of installing malware.

• Train, remind, repeat. Employees look for means to efficiently accomplish often overwhelming workloads. These can sometimes include shortcuts. Staff may be confident enough in their IT network to think “a breech can’t happen here.” But because cyber risk awareness may not be top of mind, frequent reminders and repetition are key.

• Report threats immediately. Don’t hesitate to report an attack – even if you’re not certain there is one. The FBI encourages reporting suspicious or criminal activity to your local FBI field office or its 24/7 CyWatch team, available by email at CyWatch@fbi.gov or by phone at 855-292-3937.

Insure your business.

Business insurance policies are available to cover losses from cyber attacks. Often called “cyber-extortion coverage,” the insuring agreements include monies to pay ransom, fees for experts to negotiate with hackers, as well as fees for forensics professionals to assess the breach and recommend preventative measures.2

Be proactive in protecting business assets.

If you haven’t performed a security audit or reviewed your disaster recovery plan in a while, now’s the time. You need to know where vulnerabilities lie and exactly what you’ll do if your network is disabled or your data is compromised by a cyber attack. Having a current plan — and testing it — will allow you to recover as quickly as possible.

As with everything, it’s better to be safe than sorry when it comes to protecting your assets. Contact Synovus Treasury and Payment Solutions or your Relationship Manager to see how Synovus can help.