Washington Works Blog

What would you say if we told you that someone could buy access to your organization’s network for a measly $1,000? Well, this is the unfortunate reality that we live in, where hackers have commoditized the hard work you have invested in your organization. A study from KELA shows that the average cost to buy access to a compromised network infrastructure is insignificant at best, which is why it’s more important than ever to protect your business as best you can.

Have you ever wondered how hackers manage to pull off incredible feats like bombarding networks and servers with so much traffic that they simply cannot function? None of this would be possible if not for botnets. But what is a botnet, and why is it important for your organization to understand? Let’s dive into the details.

Data breaches have become all too common for small businesses over the past several years and when it seems like there is a solution to one problem, something even worse pops up. Part of a comprehensive risk management strategy is identifying problems and doing what you can to keep them from affecting your business. Let’s take a look at the major cybersecurity threats small businesses are facing in 2021 and what you can do to keep them from hurting your business.

We know, we know; you’re probably sick of seeing ransomware in headlines, and so are we, but we cannot stress enough how important having an awareness of it is for any business owner. A new study has found that businesses infected by ransomware who choose to pay up experience a different type of fallout--one that is a major cause for concern and a stark reminder that there are no guarantees with ransomware. Ever.

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, here we are. Let’s take a look at how hackers have turned the world’s great misfortune into a boon, as well as how you can keep a lookout for these threats.

You’ve probably heard by now, a Russia-based hacking collective by the name of DarkSide targeted Colonial Pipeline, a company that supplies nearly 45 percent of the fuel used along the Eastern Seaboard of the United States, with a ransomware attack. Not only does this hack have an effect on fuel prices and availability, it highlights just how vulnerable much of the nation’s energy infrastructure is. Let’s discuss the details of the hack and the raging discussion about cybersecurity that’s happening as a result. 

What if I told you that 92 percent of all organizations that are hit by a ransomware attack and agree to settle with the scammers, don’t ever see their data again? You’d probably say that you would never, ever pay and those that do, don’t make sense. Most people keep that stance until their choices are to pay for the data in the hopes of getting it back, or lose it completely. Let’s unpack ransomware and the strategy that hackers most utilize to deploy it: Phishing.

There is an entire litany of stereotypes that are commonly linked to the term “hacker”… too many for us to dig into here, especially since they do little but form a caricature of just one form that today’s cybercriminal can take. Let’s go into the different varieties that are covered nowadays under the blanket term of “hacker,” and the threat that each pose to businesses today.

As one of the biggest cybersecurity considerations the modern business has to make, how to combat phishing has to be at the top of any business’ cybersecurity strategy. Let’s take a look at phishing and why it’s such a big problem for today’s business. 

It’s been reported that a hacker virtually broke into a Floridian water treatment facility and briefly increased the levels of sodium hydroxide in the Pinellas County water supply. Fortunately, onsite operators noticed the spike and reduced it right away, keeping the public from risk of increased levels of poison in their water. This is just the latest story in a seemingly never-ending supply of them that have to do with public utilities being at risk from cyberattacks. Today, we will take a look at this issue. 

You may have heard whispers that, compared to the past few years, 2020 has seen considerably fewer data breaches play out. While this may sound like a cause for celebration, we wanted to share a few reasons that this news may not be as great as it appears.

We’ve been predicting it, and feeling it, but now the numbers are in. Officially, cybersecurity attacks have increased significantly since the start of the COVID-19 crisis - in particular the lockdown.

Two-factor Authentication, also referred to as Multi-Factor Authentication, or 2FA, is typically where you log in to something and have to type in a small code from your mobile device in order to finish the sign-in process. It’s really the only thing protecting your accounts anymore, so it’s critical to use it.

Windows 7 might not be supported by Microsoft any longer, but millions of people are still using PCs that run the antiquated operating system. Since Microsoft has put an end to extended support for Windows 7 OS, a couple bugs have been found. Let’s take a look at what exactly is behind these issues and discuss your options.

Picture this… In your office you have a bag filled with thousands of envelopes. In each envelope there is $242 in cash. Unbeknownst to you, a thief has gained access to your office, but you don’t realize this until 279 days later. How much is this going to cost your business?

Phishing attacks have been in the social consciousness now for a while, and for good reason: it is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness to an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.

Now that the holidays have come and gone, you might have a couple of new gadgets in your home or office that connect to the Internet. Depending on what these gadgets are, you might have a serious security issue sitting right in front of you without realizing it. Some devices that don’t normally connect to the Internet--also known as Internet of Things devices (IoT)--aren’t as secure as you’d like them to be, particularly in a business environment.

The funny thing about ransomware is that they give them very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for your pet ferret you perplexingly named Sam, it is one of the worst ransomware strains ever, and it has caught the attention of U.S. Federal law enforcement.

If your business was breached, would it be better to keep it a secret, or should you disclose it to your clients? Uber has proven that trying to hide it is a mistake, and a costly one at that.

Every business in operation today needs to have some kind of comprehensive network security. Simply put, there are too many threats that can come in through an Internet connection for them to continue doing otherwise. The past year provides plenty of anecdotal proof of this fact, as a quick glance back can show.