Cyber Threats: Preventing and Responding to Them
Walt originally presented this topic with Brian Rossitto in a webinar for construction industry professionals hosted by Phelps.
In 2012, former FBI Director Robert Mueller said, “There are only two types of companies: those that have been hacked and those that will be.” Over a decade later, that statement still rings true.
Ransomware, which affects the construction and other industries, has been steadily rising. In 2023 alone, there were over 3,200 successful ransomware attacks in the United States, compromising at least 353 million records. This marked a 78% increase from 2022. You can see this is a global crisis, and it’s ever growing. There is an urgent need to prepare.
Companies face three main scenarios when dealing with data incidents:
- Worst-case: Being breached,
- Detecting an intrusion, or
- Experiencing a failed attack.
The worst-case scenario requires a specific response, including deciding whether to pay the ransom, communicating with clients, and meeting legal obligations.
When your company is breached, it can face immediate operational shutdowns, loss of sensitive data, and potential legal ramifications. The decision to pay a ransom is complex. While it might restore access to data, it does not guarantee that the data will be returned to you or that it won’t be sold later on the dark web. Moreover, paying a ransom can embolden attackers to target your company again or attack others. Therefore, having a pre-planned strategy is crucial.
Preparing Before a Cyberattack
To effectively manage a cyber incident, you should have a well-prepared cyber response team. This team should include key leaders from management, IT, Human Resources (HR), as well as legal and public relations professionals. It is essential to conduct a data inventory to know where your sensitive information is stored and ensure that critical data is well-protected. Also, complete a risk assessment so you can address any vulnerabilities before an attacker exploits them. Identifying and protecting your company’s most valuable and sensitive information is a critical step in this process.
You must also encrypt your information. Encryption makes stolen data useless to hackers and reduces the need for notifications and the risk of class-action lawsuits.
It is also important to have robust privacy and security policies to protect your business from cyber threats. While ransomware is a significant concern, insiders’ intentional acts, mistakes, or negligence can be equally damaging. To mitigate these risks, your privacy policies should clearly outline expectations for your staff, such as reporting lost devices and guidelines on using thumb drives or other external media.
Your Playbook During a Cyberattack
What are the Written Information Security Plan (WISP) and the Cyber Incident Response Plan (CIRP)? These documents serve as your playbook during a cyberattack. They detail your team, data, risks, and contacts. Having these plans prepared and regularly rehearsed is crucial, as many companies fail to practice their response strategies. Be sure to have printed copies of these plans on hand in the event your digital copy is compromised during the data incident.
Understanding state and federal laws is essential, especially if your business operates across multiple states. You need to be aware of the specific notification requirements in each state in the event of a breach, including the notification timelines, some of which are as short as 30 days.
Remember that keeping data longer than necessary can increase liability, so adhere to your data retention policies. For example, most HR records are required to be kept for seven years. By following these guidelines and deleting data pursuant to your retention policy, you minimize the amount of data at risk during a breach. Similarly, access policies should limit who can view sensitive information, reducing the likelihood and impact of breaches.
Don’t Wait. Act Now!
In the event of a breach, immediate action is necessary. You need to detect the issue, contain it to prevent further spread, and remediate the situation. The FBI and U.S. Secret Service as well as local law enforcement can give valuable assistance during such crises. These agencies can offer guidance, help trace the source of the attack, and may provide encryption keys to unlock your data. Companies can also report a data incident online at the Internet Crime Complaint Center, IC3.gov.
While law enforcement agencies like the FBI and the United States Secret Service can assist in identifying the attack’s source, the responsibility for recovery lies with you. This may involve hiring experts to help restore your systems and secure your data.
Public communication is another critical aspect of breach management. You should inform clients, customers, and employees quickly to maintain trust and transparency. This notice should only be issued after you have a command of the facts concerning the data breach.
If you have been breached, you should also contact your legal advisors and insurance carrier immediately and let them know you’ve had a cyberattack.
Document every significant event during a data breach, as this information is critical for forensic experts, law enforcement, and preparing for potential litigation.
Having a Backup
Regular backups are essential for recovery in the event of data loss due to ransomware. A robust backup strategy can be the difference between a quick recovery and a prolonged shutdown. Here are some key aspects to consider when implementing a backup plan:
- Frequency: Determine how often backups should occur based on the critical nature of your data. For some businesses, daily backups might suffice, while others may require hourly backups to ensure minimal data loss.
- Types of Backups: Utilize a combination of full, incremental and differential backups. Full backups capture all data at a point in time, while incremental and differential backups save only changes since the last backup, optimizing storage use and speed.
- Storage Solutions: Store backups in multiple locations, including off-site and cloud-based solutions. This ensures that data remains safe even if physical locations are compromised. Cloud storage offers scalability and accessibility, making it a popular choice for many businesses.
- Testing Backups: Regularly test backup systems to ensure data can be restored quickly and completely. This involves simulating data recovery scenarios to verify that backups are functioning correctly and that data integrity is maintained.
- Security Measures: Protect backup data with encryption and access controls to prevent unauthorized access. Ensure that backup systems are as secure as primary data storage solutions to avoid them becoming a vulnerability.
- Documentation and Policies: Develop clear policies and procedures for data backup and recovery. This includes defining roles and responsibilities, establishing protocols for regular testing, and maintaining documentation for auditing and compliance purposes.
By having a comprehensive backup strategy, you can ensure that your business can recover swiftly from data loss incidents, minimizing downtime and financial impact.
Phishing and Social Engineering Attacks
These attacks exploit human psychology rather than technical vulnerabilities, which makes them difficult to defend against. Here’s a look at different attacks:
- Email Phishing: Mass emails sent to many people, trying to trick them into giving personal information or clicking on malicious links. These emails often appear to be from legitimate sources, such as banks or well-known companies, and contain urgent messages designed to provoke a quick response.
- Spear Phishing: Targeted emails aimed at specific individuals within a company, often pretending to be from a trusted source. These attacks are more personalized and can include details that make them appear credible, such as the recipient’s name or job title.
- Whaling: A type of phishing that targets high-level executives, like CEOs or CFOs, to steal sensitive information or money. Whaling attacks often involve emails that appear to be from a trusted source, such as a board member or legal advisor, and request sensitive information or large financial transactions.
- Smishing: Phishing attempts sent via SMS text messages, often pretending to be from a known contact or organization. These messages may include links to malicious websites or ask the recipient to respond with personal information.
- Vishing: Voice phishing, where attackers use phone calls to trick individuals into revealing personal information, often by pretending to be from a legitimate organization. These calls can be highly convincing, using tactics such as spoofing caller ID to appear as if they are coming from a trusted source.
You should verify any requests for sensitive information by picking up the phone and calling the requester directly. This simple step can prevent many phishing attacks from succeeding.
What’s on the Horizon
Keep in mind that artificial intelligence (AI) is making phishing attacks more convincing and harder to detect. For example, attackers are using AI to mimic voices and faces, making it even harder for you to recognize scams. As AI technology continues to advance, it is likely that cybercriminals will find new ways to exploit it for malicious purposes.
This highlights the importance of staying informed about the latest threats and adapting security measures accordingly.
Key Takeaways
- Ransomware attacks are on the rise, with a significant increase in incidents and records breached in recent years.
- You should have a clear plan for responding to cyberattacks, including preserving evidence and contacting legal and insurance advisors.
- A dedicated cyber response team is essential, comprising IT, management, human resources, and legal professionals.
- Encrypting data can prevent hackers from using stolen information, reducing the need for notifications and litigation exposure.
- Cyber hygiene, including multi-factor authentication and timely software updates, is vital to prevent attacks.
- Always verify requests for sensitive information by contacting the requester directly through known channels.
- Stay informed about the latest cyber threats and continuously update your security measures to protect your business.
Please contact Walt Green or any member of the Phelps Cybersecurity, Privacy and Data Protection team if you have questions or need advice or guidance.