Why IT Professionals Should Hate 3-day Weekends

During the height of the pandemic in 2020, IT departments across the country were hailed as heroes.  Their determination, creativity, ingenuity, and long hours helped millions of Americans that could work from home, successfully work from home (WFH).  They helped thousands of companies cope with work from home and allowed business to continue as best as possible.  If you have not thanked your IT professional recently, please take the time out to do so. 

The following message is for the non-IT professionals that might be reading this article.  Listen to your IT professionals and understand that there is NO silver bullet and NO single solution fix that will prevent your company from being a victim of a cyber security attack like ransomware.  Gone are the days where buying a better antivirus software program or a newer firewall model solved 99% of your issues.  Cyber security threats have evolved, and if you want to survive the latest wave of attacks, your company’s technology and the way you do business need to evolve also. 

It is 2021 now, and the rate of technological evolution seems to be on an upward hockey stick curve.  Everywhere you turn there is a better way of getting things done.  Unfortunately, for the criminal element in the world, they have also come up with better ways of making money: ransomware.

By now almost everyone on the planet has heard about it, but there is misinformation and confusion out there also.  Ransomware is a very accurate term to describe what happens.  A piece of software makes its way into your computing environment and encrypts your data to prevent you from using it unless you pay a ransom to get the tools to unlock your data. 

How does the ransomware get into your environment?  Users opening phishing emails, a Zero day exploit on a software package you run, social engineering, or simply being a successful business that a criminal organization wants to target.  Endless reasons with the same outcome. 

Protect – Detect – Respond – Restore (if necessary)

Do not protect your organization to just the best of your ability.  Protect it to the best ability of a qualified security expert or organization’s ability.  Information technology is a vast field akin to medicine.  There are so many areas and subareas of technology that no one is a subject matter expert on all of them.  Hire the best you can afford or outsource.  There are numerous MSPs and other similar organizations that help manage your security and even provide around the clock monitoring with response.  You need that coverage when you are not there. 

Did you know that a lot of organized cyber-attacks happen on 3-day weekends?  One more day to do their work and cover their tracks.  JBS[1] was the latest victim, as we all found out after the 3-day Memorial Day weekend. 

• Train the entire company on cyber security best practices.  Everyone trains, no exceptions.  There are tons of companies with great programs available.  KnowBe4 is a personal favorite.  Cyber security is not strictly an IT issue.  It is a company-wide endeavor. 
• Follow a security network framework like NIST[2].  Remember nothing is a guarantee, but having good practices starts with a plan.  NIST is a great starting place if you need one. 
• Buy good cyber-attack insurance and hope you will never need it.  Did you know in the early days of cyber-attack insurance, policies did not cover damages from encrypted files?  The policy issuer would not cover the loss because the files were still in your possession, encrypted or not.  Thank goodness this practice has also evolved.  Always check your policy and the items it covers.  Do they provide a remediation team and assistance in recovery post attack?  Check your policy. 

Here are two small tricks that could help a little 

If you are playing the odds, even a couple points in your favor could be the difference between surviving an attack or avoiding it entirely. 

1. Did you know Windows 10 has ransomware protection built in?  It is basic but functional.  In a nutshell, it prevents non-authorized programs from writing or changing data in specific folders. Is it foolproof? Let us just say it is another way to improve your odds. Windows 10 Ransomware Protection In 2021: Some Surprises, Says Report (forbes.com)
2. This one is an obscure trick and only worked against the attack that took down Colonial Pipeline. The developers of that attack were very conscientious.  To prevent the ransomware software from accidentally impacting systems in their own part of the world, they built-in a safety feature.  It did not work on computers running virtual keyboard such as Russian or Ukrainian.  You can toggle between your installed languages using Windows+Spacebar.  https://www.cnn.com/2021/06/03/politics/white-house-open-letter-ransomware-attacks-businesses/index.html.

Protect your company’s data using an immutable storage platform like Panzura.  The technology behind Panzura helps you easily undo the harm caused by a ransomware attack.  It’s simple to implement. 

Early detection is crucial to minimizing the impact of a cyber-attack.  Ask yourself, “How does my firm detect such attacks?”    If you answered something like “firewall or antivirus,” you need to find an expert. 

Invest in a SIEM platform to help detect unusual activity in your environment.  Manage Engine, Varonis, Microsoft, and others all have products that can detect usual activity based on behavior patterns.  These platforms learn by observing and note when something unusual happens, such as if employee Jim logs in to Stacy’s computer when Jim is already logged into his own computer. 

When it comes to cyber security, many organizations heavily load their IT budget on items in the protect category.  Typically, not enough money is allocated on detect and respond.  An excellent and economical solution can be outsourcing to an organization that specializes in cyber security. 

Every good security framework has a response plan baked in, and the great firms practice those play books on a regular basis.  How you respond to a cyber-attack can make or break your company.

Let us dive deeper into respond.  As mentioned earlier, everything in technology is evolving at an alarming rate.  So are the ransomware tactics. 

You have found that your company has been attacked.  You have mitigated the environment, and it is now in a safe state but damaged.  You have the choice of paying the ransom to undo the damage or proceed with restoring from backup.  The FBI’s stance on not paying the ransom is well known.  Paying the ransom simply funds a criminal organization that will continue to attack other companies.  In theory, you would be funding the next Colonial Pipeline, Fuji Film[3], or JBS attack. 

Just as you decide to not pay the ransom, the attackers inform you that they also stole confidential information, and they plan on releasing it to the public if you do not pay up.  This is the latest tactic to force payment: data blackmail. [4]

Pay up or we will dump your private data on the internet!

Did your detect framework provide a complete audit trail of everything the attackers had access to?  Was it sensitive financial transaction records?  Employee social security numbers? Trade secrets?  Do you know?

Having the ability to restore your environment is crucial to getting back to work.  But that last threat, that last bit of extortion to make your company’s private data public, is extremely troubling.  Panzura Data Services, a SaaS offering by Panzura, helps take the sting out of that latest tactic.  With Panzura Data Services running on top of your Panzura Global File System, you have complete transparency into your unstructured file data. 

Besides the wealth of data analytics about your data that Panzura Data Services provides, it also provides a near real time audit trail of every file transaction in your Global File System.  I want to emphasize the near real time aspect.  A lot of cloud services offer similar functions around their own platforms, but they are rarely provided in real time or near real time.  When you are trying to track down the attacker, accurate and timely information is a must.  Panzura Data Services provides that for your Panzura Global File System and non-Panzura NFS volumes. 

Having all the data to enable leadership to make the best decision possible regarding your ransom situation is critical.  Layering technology like Data Services on top of a Panzura Global File System is simple and effective. 

My earlier statement regarding “NO silver bullet and NO single solution fix…” seems harsh.  The reality of our world is that information technology is complex.  Cyber criminals are targeting smaller successful companies with greater frequency[5].  We all just have to do our best to make their job as difficult as possible so they will hopefully pass us by for an easier mark. 

As you map out important plans for your cybersecurity, reach out to the Digital Transformation Team at Applied Software to help you identify tools like Panzura that will best serve your needs.

---

[1] JBS cyberattack: Meat producer will be back up and running Wednesday after its hack. But for some employees, that’s too late – CNN

[2] Cybersecurity Framework | NIST

[3] Fujifilm becomes the latest victim of a network-crippling ransomware attack | TechCrunch

[4] How to Negotiate with Ransomware Hackers | The New Yorker

[5] Ransomware: How Mid-Market Firms Can Strike Back (forbes.com)