CrowdStrike, AT&T, And The Big Money Question

In the midst of covering CrowdStrike’s inadvertent bug push—and the ensuing chaos at airports, communication services, and thousands of businesses—two cyber stories got relatively little airtime:

  1. CDK, a global provider of software for auto dealerships, reportedly paid a $25 million ransom after a ransomware attack
  2. Global telecom provider AT&T also reportedly paid a hefty ransom for a hacker to delete stolen phone records

Since many cyber criminals are in it for the money, paying a ransom is theoretically a legitimate way to end a cyber incident.

Would you pay the ransom?

If you get hacked… should you pay the ransom? There are pros and cons to both approaches.

The benefits of paying the ransom:

  • Restore operations—and possibly customer trust—more quickly because you show you’re willing to do what it takes to get back to business
  • Cost of paying the ransom is often less than it would cost to recover on your own
  • Minimize the sting of the incident, which organizations can feel for up to three years post-attack

Some organizations that choose to pay ransoms might also characterize it as learning; the ransom is the cost of getting their operations back as quickly as possible so they can prioritize cybersecurity going forward.

The drawbacks of paying a ransom:

  • You could be marked as a company that pays ransoms, which may lead to targeted attacks
  • There could be legal or regulatory ramifications to paying ransoms
  • The hackers may not actually help you restore operations

Learn from the mistakes of others

CDK suffered from a ransomware attack—a type of attack where malicious software blocks access to a user’s computer after they open the file. That means, unfortunately, someone (or multiple people) likely opened a dangerous file without realizing it.

→ How to prevent this in your organization: Training for employees on how to spot obvious scams (e.g. checking the sender domain) and encouraging employees to confirm sender authenticity before downloading any files.

AT&T’s incident came from a hacker group breaching Snowflake, a cloud-based data engineering platform. In this case, hackers noticed some of Snowflake’s data was unencrypted, and jumped at the crime of opportunity.

→ How to prevent this in your organization: Talk to your vendors about where your organization’s data is stored, to ensure they are following best-practice protocols.

You need to go on cyber offense

Both of these incidents are situations where hackers broke through cyber defenses. They found a way around, using whatever tools they could get a hold of, and it worked.

What’s the solution, then? Cyber offense.

It’s not enough to build a strong wall and wait for the enemy to attack—your organization has to be vigilant for potential enemies.

Here’s a great example: Ferrari.

One executive received a phone call “from the CEO,” talking about a big (and highly confidential) acquisition the company planned. Reportedly, the voice on the phone was nearly perfect—but there was an ever-so-slight mechanical quality to it. The voice occasionally broke, not quite sounding human.

So the executive paused the conversation and asked the CEO to verify himself.

But rather than asking questions that could be researched online, he picked something only the real CEO would know: the name of a book the CEO recommended just a few days prior in a one-on-one meeting.

Being a vishing (voice phishing) scam, of course the robot could not answer the question—and the call ended without the executive giving away any sensitive information that could have led to a breach.

This is a classic story of how simple (and effective) cyber offense can be; the simple but bold step of asking for human verification saved the company untold cost, headache, and risk.


This post originally appeared in the Connected & Protected newsletter by Protexxa



The Cyber Detail: News, events, and resources

Headlines worth reading:

  • Protexxa Raises $10M Series A Fundraising Round (TechCrunch): The funding will help Protexxa grow its AI-powered cyber platform in the US market.

  • State-Backed Cyber Attacks On Shipping Continue To Rise (Financial Times): Rising geopolitical tensions are to blame for increased attacks on the maritime industry.

  • CrowdStrike Bug Reportedly To Cause $5.4 Billion In Damage (CIO Views Magazine): Approximately 25% of the Fortune 500, along with thousands more organizations that use Microsoft, were impacted.



Tips to up your cyber offense

  • Get skeptical — Listen to your human intuition. If an email seems off or a phone call seems mechanical, ask for verification before following any instructions (or downloading any file).

  • Learn from others — You don’t need to be the second instance of the same attack. When others face cyber incidents, learn what happened… then make sure you fix that gap in your organization.

  • Security is an ecosystem — Review your vendors’ cyber and quality protocols. Partner with them, if possible, to share best practice approaches to cyber. Remember: you both win if you’re both safer.

ICYMI: Cyber headlines that still matter

Israeli cybersecurity firm Wiz rejects Google’s $23 billion takeover offer (The BBC): Wiz founder’s note to employees said he was “flattered” by the offer, but would ultimately say no.

79% of financial firms cite cyber risk as the key thing stopping digital transformation (FinTech Magazine): Further, 77% of investment firms and 69% of financial institutions see the need to demonstrate resilience against cyberattacks and stay ahead of AI advancements.

Cyber professionals are burning out (HelpNet Security): Organizational leaders are worried a mix of burnout and talent shortages will lead to significant cyber risks on top of the human toll.

