Joe: There was a time when bank robbery was the preferred choice of criminals to obtain cash. When asked why he robbed banks, Willie Sutton, the notorious bank robber, simply replied, “Because that’s where the money is.” Today, ransomware, defined as a type of malicious software designed to block access to a computer system until a sum of money is paid, has less risk and is more lucrative. No guns are needed, not even a getaway car. Once a hacker encrypts your network and computer system, effectively rendering it unusable, it’s all over but the shouting. Your business or governmental operation could be essentially decided, locked up and finished. The outcome is clear, and all that’s left is the shouting at your informational tech adviser or cyber security vendor for letting it happen.
Ken: Municipal governments are uniquely vulnerable to hacking. They can’t function without the data stored on the local network, almost all are limited by a tight budget, and they employ many workers. Thus, they tend to skimp on employee training and delay updating and replacing older data processing equipment.
Joe: Imagine yourself being mayor of a small municipality. You go to the office on a Monday morning concerned about mountains of work sitting on your desk. When you arrive, you find the computer systems are down. All the city’s systems including water, gas payments and emergency services are unusable. No email. Copy machines linked to the computer network won’t function. Even the phones won’t work. Thereafter a ransom demand in six figures arrives. You’ve been hacked. This was the conundrum facing Lake City, Fla., a town of about 12,000 people. The city’s insurer, figuring the cost of recovering the data would far surpass the demand, paid $460,000 (less the deductible) to satisfy the ransom. This is not an isolated incident. Such intrusions this past year have also happened (according to a New York Times article) in Atlanta, Dallas, Baltimore and Jackson County, Ga., which paid the ransom amount of $400,000. Frankly, when I read about these incidents, I was shocked how vulnerable governmental units and businesses are to hackers and thieves. The importance of securing data by cyber security measures in a business or governmental setting cannot be over-emphasized. With these problems, hackers do not steal the data or caches of documents. Rather they make it unusable by encrypting it. This means you can’t get at the data unless you have the decryption key.
Ken: Hacking and holding data hostage for ransom is just as criminal as bank robbery at gunpoint. The problem for law enforcement is, as a rule, the perpetrators are doing business offshore from countries unlikely to cooperate with the U.S. by investigating.
Joe: Are these criminals really smart? The demands are being paid in bitcoin, considered the gold of the digital age. We are on the cusp of something new in criminal finance. When you talk to bankers, we are told cryptocurrency has no intrinsic value. Yet, the last time I checked, the bitcoin had a value of more than $10,000.
Ken: President Trump has commented, “Cryptocurrencies are a pure gamble with no discernible fundamentals whatsoever.” The bitcoin matter may well become an issue in the 2020 campaign. But what can a president do aside from telling the thieves, extortionists and terrorists to “cut that out?’’
Joe: Well, with all of this in mind, I asked my son-in-law for his take on this. My son-in-law is an engineering graduate and informational tech officer employed by a major financial institution in Chicago. His thoughts include the following:
1. Security measures are useless without proper training on how to: recognize phishing emails, recognize social engineering, recognize emails from malicious sources and understand when not to click attachments.
2. Better email filtering techniques can be employed to remove attachments coming from untrusted sources. Emails external to the company can be labeled as such, which lets employees know to treat them with care.
3. Finally, a backup of all data should be kept in a physically separate network (systems that cannot directly connect). If one network is compromised, the other will remain intact. In the case of Lake City, a couple of hard drives would have saved them $460,000.
Ken: Another answer is sending the data into “the cloud.” All the data then is uploaded and stored, often redundantly and on multiple servers, offsite in a facility hosted by a third-party company. Then, for a fee generally proportional to the amount of data involved, equipment maintenance and security become the responsibility of the host. Programs for data management, word processor, spread sheet, presentation creation, also can be downloadable from the cloud. IT costs for the client should reduce making the net cost a wash, and the thieves are blocked out. The cloud storage business is in a rapid growth phase. While there are quite a few young companies to choose from, the tech whales are getting increasingly involved: Amazon, Microsoft and Google.
(0) comments
Welcome to the discussion.
Log In
Please be civil. Don't threaten others. Don't make obscene, vulgar, lewd, racist, sexist or otherwise demeaning statements. Be respectful of others even if you disagree with them.
Please be truthful. Don't knowingly lie about anyone or anything.
Please be proactive. Report abusive posts.
Please share updates or more information. We value your input and opinion.
PLEASE TURN OFF YOUR CAPS LOCK. Thank you!