It isn’t a matter of if but when, say local cybersecurity experts of the possibility a computer hacker gains access to one’s personal or workplace computer.
“It's a very sensitive game, so the chances of people participating have been pretty good.”
The game Computol CEO Jeff Hamons is describing is not one of fun and excitement.
As the leader of a cybersecurity firm located in Perrysburg, he is speaking of the ominous roulette that hackers play with unsuspecting businesses over the sensitive data they glean through disseminating malicious software called “ransomware.”
In recent years, bad actors all over the globe in countries like China, Ukraine, and Russia have facilitated the growth of the ransomware industry, designed to attack computer-dependent individuals and businesses through the spreading of this software, the seizure of data, and the holding of that data hostage until monetary demands are met.
Though business is increasing at firms like Computol as business owners begin to become more “cyber aware,” Mr. Hamons feels that many of his clients haven’t taken the threat seriously enough and need to be more diligent in their efforts to protect themselves because the threat is significant.
The FBI estimates that more than 100,000 computers in the United States are infected with ransomware each day in what is projected to become a $6 trillion industry by the end of this year. Large entities like Kia Motors and the Colonial Pipeline system have had data breaches this year and President Biden has expanded the Industrial Control Systems Cybersecurity Initiative to make combatting cybercrimes and raising awareness a bigger part of his agenda on the national level.
Targeted incidents of this sort have even been popping up lately in northwest Ohio, with cyberattacks impacting Toledo Public Schools, WNWO-TV, Channel 24, and most recently the Toledo-Lucas County Public Library.
Ahmad Javaid is an associate professor at the University of Toledo specializing in issues of cybersecurity.
“The more people that have access to an organization, the more likely it will be that someone makes a mistake,” Mr. Javaid said, describing how an act as simple as leaving a computer logged in can create an opportunity for a hacker to enter a system.
Mr. Javaid makes an important distinction between public and private organizations stating how dangerous it can be when anyone from the general public can go in and access a computer versus when conditions like enrollment in a university or employment at a company make access harder.
The free-for-all aspect creates additional vulnerability for organizations like libraries because one does not know who is going to use the network for good activities or bad. Additionally, the lack of virtual safeguards in a more public system makes it easier to enter from off-site as well, he said.
“You cannot differentiate between who is going to use it,” Mr. Javaid said. “Once people are able to access those computers, then they can try to use different kinds of tools to extract different types of information from those systems. Once you are part of the network, you know what kind of internet protocol addresses are being used, you know what kind of security is being used, what kind of antivirus is being used and so on.”
Going beyond the actual computers or “end systems,” once in a network, a bad actor can often follow the connections into the databases and servers that hold the personal information they covet.
LaScala, a cybersecurity firm based in Temperance, Mich., practices these prevention principles on a daily basis by offering clients a two-pronged approach to managed information technology and cybersecurity attack prevention services. They serve clients all over the country on networks that range from 75 to 1,000 users.
For CEO Gregory LaScala, cyberattacks are becoming too common and businesses should change the way they view cyber policy.
“If I’m a business it's not about how can I stop it, it’s about how can I recover,” Mr. LaScala said.
Mr. LaScala stressed backup as a key ingredient to that recovery, stating that on average it takes 203 days for a company to realize that they have ransomware in their system. It then pays to have backup that is long lasting, say for seven years rather than the standard two to three months, so there is less chance something is lost.
“There are companies out there right now that have ransomware but don’t know it,” he said. “Without security check software they won’t ever know, so they need some sort of oversight to see if someone is trying to penetrate.”
As far as more simple ways a company can prepare and be proactive in practicing their “security hygiene,” as Mr. LaScala calls it, he mentions things like taking out a cybersecurity insurance policy on up to $750,000, since an attack can “take a company out for good” if they don’t watch out.
This industry has exploded in recent years with big insurance companies like AIG, Travelers, and AXA all presently offering cyber policies.
Still, safety can start with something as small as keeping your antivirus software up to date or using multifactor authentication.
“There are things to minimize the risks,” Mr. LaScala said. “They aren’t cheap but the alternative is way worse.”
First Published November 13, 2021, 4:02 p.m.
