Data theft and ransomware attacks
Cyber attacks are on the rise, costing the U.S. an estimated $320 billion in 2023, according to Statista.
Based on data from the U.S. Department of Health and Human Services, there are currently 19 cyber attacks under investigation in Florida, a majority of them with healthcare companies impacting around 160,000 people.
Last week, OneBlood, the primary blood collector and distributor in Florida, announced it was operating at a reduced capacity after experiencing a ransomware attack.
“The main reason is because of the data that can be leaked as part of these attacks,” said Rob Allen, Chief Product Officer at ThreatLocker, a cybersecurity company in Maitland.
For example, Allen said ransomware attacks, like OneBlood, involve hackers encrypting and often stealing data.
“It's called Double Extortion, and the reason they do that is they can effectively double their chances of getting paid,” said Allen. “If you cause disruption, there's a good chance that somebody's going to pay you to get back up and running. But also, if you steal sensitive information, they think there's a chance that people are going to pay you to ensure that information never gets made public.”
It’s not just the healthcare sector that is at risk. According to the International Monetary Fund’s Global Financial Stability Report, the financial sector is highly exposed to cyber attacks.
Whether you know your information has been leaked by a specific cyber attack or not, Allen said everyone should assume their personal information is already out there.
Insurance, credit assessment and AI
Last year, the Washington Post reported that credit rating agencies were increasingly factoring in cybersecurity as part of their credit assessment criteria.
Allen said that still holds true in 2024.
“More often now, we're seeing organizations can't even get cyber insurance if they don't have a robust cybersecurity strategy in place,” he said.
Ensuring your company is in a good cyber security standing, may also lead to reduced premium costs.
“If you just say, ‘Hey, I don't have antivirus or I don't have any protections in place.’ They're just going to not insure you. And why would they realistically? Because it shows you don't take the problem of cybersecurity and potential data loss seriously,” said Allen.
For business owners, Allen stresses the importance of making sure your company has a robust cyber security strategy, along with protections in place for your personal finances, as the rise of artificial intelligence is making it easier for hackers.
“One of the common tells when you get a spam email is always going to be bad spelling. A.I. makes that pretty much not a problem anymore for bad guys, because they just paste their email into ChatGPT or whatever the case may be, and it'll make it nice, formatted, and spelled properly,” he said.
“You have to guard against unexpected emails, unexpected attachments, even if they look legitimate. They might mention your social security number, for example, which you might think nobody else knows, assume everybody else does.”Rob Allen
Allen adds that A.I. tools can also be misused.
“A short while ago, you could ask ChatGPT to effectively write you ransomware,” he said.
Protections have now been built in to stop A.I from writing ransomware, but Allen said it’s still not perfect yet.
Protecting yourself
If your business is the victim of a cyber attack, Allen said the number one rule is never pay the ransom no matter how sensitive the information is that’s stolen.
“Unfortunately, what organizations do when they do pay is they effectively advertise themselves to the bad guys as an organization, who are going to pay,” he said.
In 2022, Gov. Ron DeSantis signed HB 7055 into law, prohibiting state agencies, counties, and municipalities from paying ransoms to hackers.
However, there are protections you can put in place to protect your business and yourself, like using the zero trust strategy.
For businesses, Allen said zero trust strategy means only allowing “, access to only what is needed, and block[ing] everything else.”
For individuals, Allen said that means trust no one and question everything.
“You have to guard against unexpected emails, unexpected attachments, even if they look legitimate,” he said. “They might mention your social security number, for example, which you might think nobody else knows, assume everybody else does.”
Allen said it's also important to pay attention to your credit file, lock your credit if needed, and keep an eye on your information to ensure no new accounts are popping up in your name.
Protecting yourself against cyber attacks is important, because once the money is gone, it’s hard to recover.
“If you pay for something with a credit card, [in] a lot of cases, they have fraud protections. A lot of cases, they will pay you back,” he said. “If you send large amounts of money to a random bank account, then it's probably going to be a little bit trickier.”
Allen stresses the importance of double checking before sending large amounts of money, like a downpayment for a house, through email even if it’s an expected message.
“Always pick up the phone, always check, always verify, never send any information anywhere, even if the emails comes from the person you expect it to come from, because their email could be hacked. Their account could be compromised.”
Copyright 2024 Central Florida Public Media
