In today's episode, we talk with Michael Puldy, Founder & CEO of Puldy Resilience Partners, about the increasing cyber security threats American businesses face today as a result of Russia's invasion of Ukraine, what makes manufacturers more at risk, and what companies can do to better protect their businesses and employees.  

What you will learn:

➡️ What industries are most at risk right now

➡️ What makes manufacturers easy targets

➡️ The difference between phishing attacks and ransomware attacks

➡️ Key takeaways from the Colonial Pipeline, JBS Foods, and Brenntag cyber-attacks

What industries are most at risk right now

The Cybersecurity & Infrastructure Security Agency (CISA) has advised all organizations -- regardless of size -- to adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets as a result of Russia's invasion of Ukraine. Unfortunately, that doesn't set much of a priority, which means everyone is really at risk, but the reality is that it's a game of probabilities. If you're a major corporation involved in the infrastructure of the United States, such as utilities, power, water, fuel, or you're a key part of the supply chain, you really need to have your defenses up. CISA has a section on its website, Shields Up, with information that you can look at to understand what you can do to protect your business.

What makes manufacturers easy targets

There are actually a lot of things that make companies easy targets, but for manufacturers specifically, it's their OT or Operational Technology. Too often companies look at their IT or Information Technology, and not their OT. Of course, the question is -- what's the difference? 

Information Technology is your servers, your data center, and your communications; it's also the elements you need to recover those environments, like your IT disaster recovery. Operational Technology, which manufacturing companies have a lot of, is your physical power plant, your robotics, your machinery, the industrial control systems, the PLCs, etc. What happens is that a lot of these manufacturing companies are very focused on their IT, but they're not as focused on their OT. In fact, organizationally there may be two different groups responsible: one organization, such as the engineering community, may be responsible for the OT, while the IT belongs to the traditional IT technical people. Going back to what makes these companies easy targets, it's a number of things, including outdated OT, a lack of command and control, and limited or no testing.

The difference between phishing attacks and ransomware attacks

Phishing attacks are essentially emails or texts or some level of social engineering, where people are trying to break into your system. The term has been around for a long time, probably 20-30 years. The way it started is that people would send emails to try to socially engineer the recipient into sending money -- we've all heard of the "send money to the Nigerian prince" scam, which is essentially a phishing scam. But over the years, they've gotten a lot more sophisticated. Now they come in primarily through email, and they're very suspect, yet the logos look correct and the addresses look correct. And so it's now starting to take a very trained eye.

Think of phishing emails like people trying to get into your house: they're knocking on your door, they're jiggling the window, they're looking at the backdoor gate, they're trying to find a way to get into your system. If you click on one of these emails, what happens in most cases is that a piece of malware or a piece of computer code logs into your computer. And then it phones home to the people that are instigating this, and they know that they're in, and then they take action.

The interesting thing about a lot of these companies that are looking for ransomware is that they're really looking for money. A lot of times it's not really a state actor that is looking for ransomware -- they may be affiliated with a state actor, but a lot of these are businesses. People come in at eight o'clock in the morning, they get their cup of coffee, and then they look and find out who's been attacked today. These companies are very highly specialized. There's almost a division of labor: there's the attack group that sends out the phishing emails and crafts the really neat emails, and there's the second group that then probes around. So once they're in with the malware, and they have access to your system, they'll have a group of people probe around, and they may be in your system for months. In fact, the average number of days for a company, from when it's compromised until it's investigated and the situation is resolved, is almost a year.

A lot of these companies, these bad threat actors, are in your system for three, six months. They're analyzing your data. They're figuring out what your finances are. They're understanding if they can get personal and private information of your employees, so they're taking their time. And then once that's done, they turn it over to the next group, which is really the extortion and exfiltration group, which then downloads data, decides whether or not to encrypt, and then goes ahead and says, you know, you have to pay us $50,000 in Bitcoin, or a million dollars in Bitcoin.

Ransomware attacks will come in the same way, through a phishing email or some sort of malware. Occasionally, companies will go in and they'll find a way to hack into the system, through a remote penetration, and then they'll plant the malware themselves. But that's also expensive. That's time-consuming. You may have heard the term Ransomware as a Service. You can go online, provide an email, and say, okay, I want to break into Michele's business. Here's a credit card, and here's Michele's email, and then in 30 to 60 days, or maybe a couple of months, the bad threat actors send you a check.

What makes this really interesting is that the amount of money we're talking about is incredibly high. The FBI estimated in the city of Los Angeles that ransomware attacks cost businesses in the larger Los Angeles metro area roughly $30 million a month.

In fact, the Ponemon Institute estimated that the cost of a data breach was around $3 million, and that includes not just the breach itself, but all the regulatory issues, the cost associated with customers, and the lawsuits that follow. In fact, these lawsuits go on for years, and in many cases they can destroy a company, either by ruining the company's brand, by inhibiting revenue, or because customer confidence is completely lost, with the company going out of business.

 

Key takeaways from the Colonial Pipeline, JBS Foods, and Brenntag cyber-attacks

The cost associated with these types of break-ins for some of these companies like JBS, which is a multi-billion dollar company, is really not that big of a deal. The bigger issue is the impact on customers, employees, partners, and suppliers. That's where the bigger impact is, you have the beef supplier in Iowa who can't move their cattle to the processing plant, so that disrupts their business and their supply chain. There are a lot of downstream effects associated with one of these ransomware attacks that a lot of people don't consider and the press doesn't necessarily cover.

