Ransomware (Really) is Everywhere

The scourge of digital extortion continues to hit hard over the last few weeks since June's CyberAdvisor titled "Ransomware is Everywhere."  You can't seem to get away from the headlines and attention-grabbing damages being reported from around the country. Yet, levels of awareness and preparedness are still pathetically low.
New York Times article on Riviera Beach ransomware

Here's what "leadership" sounds like in the face of a world of change in risk.

“This whole thing is so new to me and so foreign, and it’s almost where I can’t even believe that this happens but I’m learning that it’s not as uncommon as we would think it is,”

Riviera Beach Council Chairwoman KaShamba Miller-Anderson said Wednesday.

“Every day I’m learning how this even operates because it just sounds so far fetched to me.”

Really? 

Unfortunately; yes. Really.

I speak to dozens of groups every year, thousands of people from the C-suite to the employee, to the retiree. Groups from all walks of life in private and public sectors alike. With every session since 2013 I have asked:

"Who knows what ransomware is?"

The positive response rate is consistently less than 10%. Barely over what is was 2013-2016 when it was less than 5% of audiences members that had heard of the malware.

The Personalization of Cyber Risk

Our overarching theme at TDS since 2013 has been and will always be "The Personalization of Cyber Risk."

While you read about Rivera Beach, Baltimore, and others in headline breaches, what you don't yet hear so much about is the risk and damage being done on the individual level; smaller breaches aimed at people using personal technology in their daily, mainstream lives. I covered the topic with more detail in June's CyberAdvisor "Ransomware is Everywhere."

These are the key takeaways:

Targets of cybercriminals are getting smaller.

The same sophisticated hacking tools you read about in the news are increasingly used to attack smaller targets in volume - individuals, professionals, and small businesses - you just aren't reading about it yet. But it's where the big money is and it's 

desktop locked ransomware woman copy

spreading like wild fire around the world.

Attacks are getting more customized to the target.

While attack on small targets are typically conducted in volume, each individual strike is customized and engineered for efficacy using stolen personal information readily available on the Dark Web.

Over 80% of attacks today are 'opportunistic'.

Opportunistic attacks target vulnerable 'low-hanging-fruit' - those most unaware and unprepared, in mass volume.

It is broadly believed society will look back on the next couple of years as "The Greatest Transfer of Wealth in History" and damages will reach $6 trillion. 

The bulk of these damages will not be borne by municipalities and Fortune 500 companies, but by each individual stitch of global society including yours, mine, and ours. 

Professional Client Advisors at Risk

We think "free" email services should not be used as a primary communications tool by anyone. If you are a still using AOL, Yahoo, Hotmail, MSN, or any of the "baby-bells" for email, you should reconsider.

Reputations, businesses, and practices by the millions will be damaged, many beyond repair. And while you cannot eliminate any risk in life, you must be smart and proactive. Every element of your constituency depends on it.

Excuses are wearing thin and cybersecurity technology today is effective, affordable to almost anyone, and it provides a lifetime of value from the moment you begin to protect. 

Finally, if you have a trusted client advisor in your personal or professional network that is still using "free" email for business, it's time to think about options. Do not consider it acceptable to transact, share, and trade anything of importance with a professional advisor using these services.

Real Cyber Risk in Real Estate

Speaking of trusted professional client advisors, earlier this year I spoke to a group of about twenty-five extraordinarily successful real estate agents. These are professionals that regularly transact in multi-million dollar residential deals with private clients. They work for an esteemed brand with a terrific reputation and as brokers, they share some of the most sensitive and highly valued information one could have.Cyber_Security_in_Real_Estate_Sales_image-1-461205-edited-1

Not one of them recognized the term 'ransomware' or had any understanding of the threat it posed to themselves or their practices, much less their clientele. Not one.

Imagine the potential damage at hand, all because one person makes one wrong move with a mouse or touch screen. 

"The Riviera Beach attack began on May 29 after a police department employee opened an infected email attachment. A similar breach recently cost Baltimore $18 million to repair damages. "

The Palm Beach Post

Whether you are in real estate sales as a professional or as a buyer or seller, or in any other business that shares personal information, it is essential to evidence your understanding and mitigation of digital risk across activities; personally and professionally.

Privatizing Your Personal Email

Industry statistics consistently rank email as the #1 point of attack with 85% to 90% of all cyber crimes originating by an email.

With a private email domain, your personal information is your own, not Big Tech's. And you are off the grid for much of cybercrime's risk, as hackers increasingly look for the low-hanging-fruit; potential victims using "free" email services.

We make it simple, we use only the best enterprise-grade systems, and we keep you free of proprietary lockups and back-doors. Your domain is hosted on one of the most advanced cloud-based systems in the world, and we use "open" systems and security software to give you ultimate control.

For more:

Why Private Email?

About DKIM.

Diane risk management workshop-979696-edited-138535-editedOur very own Diane Kisner is the ultimate pro and expert at helping people privatize email.

You can email her to schedule a conversation and no-obligation quote at diane@totaldigitalsecurity.com, or just go here to get started. 

 

Best-in-Class Systems

We use Rackspace's cloud-based systems to build private email domains for our clients. Gartner continues to rank Rackspace as a leader in "Cloud Professional Managed Services."

Screen Shot 2019-06-19 at 3.59.09 PM-1

Our Private Email customers appreciate Rackspace for their demonstrated ability to innovate and execute.

We use enterprise-grade systems like Rackspace to build an eco-system of cybersecurity for private clients - remotely monitored and managed security 24/7/365, and delivered seamlessly to individual users and their personal technology.

A final point on our quest to always provide our clients with best-in-class solutions; look at the first tile on the list below.

Innovation in cybersecurity technology is on fire! Artificial intelligence is a game-changer, and we bring it to bear everywhere we can to provide the best possible protection for individuals and the personal technology they use every day. 

New Threat Alert: The "Threat Hack"

We see a ton of this, so be sure the 'threat hack' doesn't fool you. Phone, text, email -it feels like we're playing whack-a-mole every day. Malicious software and phishing are here to stay, but ignore these things the best you can. 

Screen Shot 2019-06-19 at 5.50.03 PM

You can read more on "The Threat Hack" topic by security guru Krebs, here:

Screen Shot 2019-05-23 at 9.16.51 AM

In the end, your best rule of thumb? When in doubt, delete it out!

"When in doubt, delete it out."

This goes for those 'service' popups and calls too. Microsoft is not calling you. Apple is not calling you. And they are not popping up on your screen either. Those are scams.

If Microsoft or Apple need you, you will know it's legit. Same with the IRS, Social Security, law enforcement, etc.

Screen Shot 2019-06-20 at 4.12.33 PMOr, call or email us for a reality check. We know all the tricks.

Thanks for reading,

Brad Deflin

 

Share:

Subscribe Here!

 

Includes the monthly CyberAdvisor Letter.

 


 

calendar_icon

Calendar of Cybersecurity Education and Speaking Events

 

Recent Posts