January 29, 2015

How a single cybersecurity incident can kill your business


A single cybersecurity compromise is often enough to bring down a business, especially a small one that has little or no resources to recuperate. Here are two examples based on real events.


Story I: An almost lethal malware attack from a competitor

A professional IT worker – based on his recent experience – has relayed this story: A small company – a vendor supplying bijou from South-Eastern Asia on demand – had its site compromised, and the site started serving unspecified malware to its visitors. The company had to hire an external IT specialist to deal with the problem, as there were no staff members capable of handling it.

The malicious code was removed from the site in a matter of a few hours, but it quickly came back. This meant that the malefactors had access to the site, and for as long as they had it, they could re-plant their code again and again. 

After some investigating it became clear that it was the business owner’s PC that had been compromised first. The owner used an obscure free antivirus, which underperformed. The malware planted on the owner’s machine allowed hackers to steal credentials to the site. As soon as this malware was wiped and the login and password to the site changed, the problem seemed to be gone. Unfortunately, that was just the beginning. Google had blacklisted the company’s site as malware-infected and removed it from its index. This happened with other search engines as well.

It took some time to get the site back – and not just into search engine indices, but also into the same positions it used to occupy. The company’s business proved to be extremely dependent on its site’s performance, and during this “down time,” the company almost ceased to earn revenue, and was on the brink of dissolution. It took a year to recover.

Even though the attacked company was small, the owner was sure that it was a targeted attack from competitors. Throughout the experience he had to learn a lot of information unrelated to the company’s business, although it was all directly related to the security of the company’s data: safekeeping passwords, tracking and key logging malware, etc.

Story II: Encrypting malware hits, all data lost

Another story was told earlier in our recent blog post on Cryptolocker: An accounting firm was hit with ransomware, which locked the company out of all of its data by applying strong encryption. The company went out of business. Cryptolocker is encrypting ransomware, which covertly encrypts all data it can reach and demands a large ransom for decryption. Because it uses very strong encryption, it leaves only two options to its victims: either pay the ransom or try to recover the unencrypted data from backups, if they exist.

Due to a series of mistakes made by an underqualified in-house tech worker, neither was a viable option. As soon as Cryptolocker was discovered, the admin wiped the server along with the ransomware itself (thus removing the last and worst option of getting the data back: pay the ransom). Then he couldn’t remember or recover the password to the remote backup service.

Having failed so much, the admin was fired. All later attempts to recover the data made by a newly hired IT specialist failed as well, and the firm went under. 

These two stories each illustrate one thing: both companies were unprepared for what they faced. To prepare your business, spend time learning about cybersecurity, have a highly qualified in-house admin (which is not always affordable), or use a simple, but capable and efficient solution like Kaspersky Small Office Security, which would help to solve a majority of the IT security troubles described above.