In March of 2018, the city of Atlanta was held hostage by hackers. The ransomware attack by the SamSam hacking crew infected the city with a virus that crippled computers and wireless networks and blocked access to important data. Police officers were left writing reports by hand, residents were unable to pay their utility bills online, Wi-Fi at the airport was not available, and city courts had to close. They were literally held hostage from access to their network until they paid a $51K ransom to the cyber criminals.
It is now June and the city is still feeling the effects of this cyber crime. The malware cleanup was estimated to be 2.7 million and is now nearing the 10 million mark, which is far larger than earlier reports indicated. As the investigation continues, it is becoming more evident that the breach happened because of human error.
You have probably heard your IT person say a million times how important it is to have an extensive cyber security plan in place with end user training for your employees. Atlanta and other breaches around the globe are a perfect example of how the actions of internal personnel can literally cost your business thousands if not millions of dollars. Yes, it costs money to put a cyber security plan in place, but look at the aftermath of what can happen when you don’t have a well-laid-out plan. You become vulnerable and could quite possibly be out of business if you don’t make this a priority.
Many businesses rely heavily on their cyber security insurance policy as their cyber security plan, but this is only one part of it. Having insurance is important, but it is not something you can rely on solely. For example, when Sony got hacked, they sent a claim to their cyber insurance company. The insurance company filed a lawsuit against Sony stating that they didn’t do their due diligence to educate their end users properly to prevent a breach, and the insurance company won the lawsuit. So once again, having an insurance policy isn’t protection enough. You have to do your due diligence and make sure you have systems in place, cyber security road maps that your organization can follow to improve its overall risk management approach, and training for all your employees so they understand what to look out for and how to act more responsibly online.
What is the true cost of not preventing a ransomware attack?
To get a FREE assessment of your business security network, click the link below. Protek is your IT partner when it comes to security. We offer email protection, phishing training, dark web monitoring, security assessments, security and end user training, SIEM, USB drive lockout, data encryption, log management and assistance with compliance.
This week’s “What the Tech” was by Eric Woodard, CEO/Owner of Protek