Bears Business Brief: Understanding the evolving risks associated with technology - College of Business News

College of Business News

"Think Bigger and Bolder"

Bears Business Brief: Understanding the evolving risks associated with technology

by

By: Richard Ollis

headshot Richard Ollis
Richard Ollis

Have you ever been held hostage or been a victim of extortion? The chances that you’ll be targeted by something like this are growing dramatically. According to a report by Intel Security, in the fourth quarter of 2015 the incidence rate of ransomware being installed on computers increased 26 percent.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid, normally accompanied by an associated deadline. According to the FBI, criminals have been netting an estimated $150 million a year through these scams. And this estimate has already become obsolete, with a single ransomware campaign last year netting $325 million.

The FBI report did not estimate the overall value of the losses, but found some six million known attempts to install this type of malware which encrypts the contents of a computer and locks the data down unless the user pays a ransom to obtain a decryption key.  Many times the criminal will encrypt your data so it’s not readable, or installs embarrassing pornography on your screen. Additional threats may also be implemented if the ransom is not paid by a stated deadline.

In February, Hollywood Presbyterian Medical Center acknowledged that it had paid $17,000 to hackers using ransomware, saying it was “in the best interest of restoring normal operations.” Locally, this practice is now common and impacts companies that have been caught in the extortion trap. In many cases, the criminals will demand payment be made in Bitcoin, making tracking down the hackers very difficult as there is no connection to the banking system.

According to Reuters, on March 25, 2016, the FBI sent a Confidential Flash Advisory focusing on ransomware known as MSIL/Samas.A. This software seeks to encrypt data on entire networks — an alarming change — because most ransomware has traditionally attacked only one computer at a time. “This is basically becoming a national cyber emergency,” said Ben Johnson, co-founder of Carbon Black, a cyber security firm that just uncovered another type of ransomware that seeks to attack PCs through infected Microsoft Word documents.

The practice of using ransomware is growing, due to several factors. The software is easy to obtain and can be accessed over the internet at little or no cost. Criminal networks now offer the service, making themselves available to less technical criminals, a business model known as “ransomware-as-a-service.” It’s also difficult to track down culprits who can hide behind anonymous networks and use payment schemes such as Bitcoin, again making the crime difficult to track.

In many ways, this has become a more lucrative business model than other traditional forms of cybercrime. “Soft targets” like hospitals, schools and police departments are now being targeted because they typically don’t have the types of sophisticated cyber defenses that are used by financial institutions or defense contractors.

It’s distressing that businesses and consumers have to deal with this type of emerging crime.

Here are several basic steps to employ in order to reduce the chances of this happening to you or your business:

1. Use reputable anti-virus software and a firewall. Enlisting the help of a technology expert can help you select the right security systems.

2. Back up your system often and in a separate location so your system and data can be restored easily. Some people or businesses even restore their system to default about every six months so they can start with a fresh backup.

3. Train yourself and your staff about accessing websites and clicking on links or attachments. Enabling your pop-up blocker and installing defensive software to filter out hacker emails are also good ideas. Ransomware is often installed unwittingly by accessing or clicking on a “faked” website, attachment, link or pop-up.  Be extremely cautious with unknown email addresses, websites, links, attachments and when anyone is asking for your data. If it seems unusual or suspicious, verify the source — even if it looks like it’s coming from your CEO (another popular scam).

4. Alert authorities, including the police department and FBI. Intel Corp’s McAfee Labs estimates that 3 percent of users end up paying the ransom, which is typically low enough to tempt the victim to avoid the hassle of being locked by the ransomware’s encryption.  Experts say the bigger issue is that by paying the ransom, you are encouraging the cyber criminals and driving the next generation of ransomware.

5. Consider purchasing cyber insurance to protect against this crime and other issues such as data breaches. Because technology crimes are fairly new and quickly evolving, insurance policies are not standardized. Enlisting an insurance expert is important to help you analyze the various options available.

The world of crime is changing and technology is expediting the pace of change. Understanding the evolving risks associated with technology, implementing strategies to mitigate risk and insuring against the catastrophic are now parts of a critical process individuals and companies should employ.

Richard Ollis is CEO of Ollis/Akers/Arney, an employee owned business and insurance advisory firm.

This article appeared in the April 9th, 2016 edition of the Springfield News-Leader and can be accessed online here.