Frank Botta, attorney, laid down the law on cybersecurity.
“My thoughts on this subject can be summarized in three S’s: sensitive, scary, serious.”
Botta, who practices at the firm’s Southpointe offices, succinctly described concerns about threats to a contemporary culture that encompasses computers, information technology and virtual reality, and can undermine companies and individuals. Triple-S was a mantra he repeated several times.
“Anatomy of a Cyberattack” was the focus of a seminar organized by the Washington County Chamber of Commerce, and conducted Thursday morning at the Hilton Garden Inn at Southpointe.
Botta was among four professionals who discussed the perils Thursday morning, along with Justin Domachowski and Jason Hawk – president/founder and chief architect, respectively, of Southpointe-based DeFy Security – and Will Simpson, account executive with Simpson & McCrady, a Pittsburgh insurance agency.
Hawk opened the program with a presentation on “the character of an attack.” He said it can begin with an insider threat, perhaps a disgruntled employee seeking financial gain; an opportunistic individual; a government-sponsored entity; an organized crime group; or “hacktavists,” an individual or a bunch of nameless hackers trying to gain access to government websites and networks.
Hackers, according to Hawk, “try to find out as much about a victim or organization as they can,” then determines how they will carry out their plan.”
Common attack types, he said, are malware, spyware, keylogger (keyboard capture), worms, viruses and ransomware.
Hawk explained that “ransomware is malicious software that encrypts the information on a person’s computer. It will not release these files until the user pays ransom.”
Ransomware attacks are common and can be costly. Botta, offering a stunning example, said there were about 500 million of them during the first half of 2021.
Hackers that April shut down Colonial Pipeline, the largest fuel pipeline in the United States. The company had to pay hackers, affiliated with a Russia-linked cybercrime group, a $4.4 million ransom.
North Pole toys, Uber and Holiday Inn have been more recent cyberattack victims.
Phishing and smishing – emails or texts purporting to be from legitimate sources, but aren’t – are concerning as well. Hawk said some perpetrators set up phishing websites to hit multiple targets. He added, however, that some of these endeavors can be spotted easily because of typographical errors or bad spelling.
A major security issue Hawk cited is that “a lot of people use the same password multiple times” for simplicity sake. One way to avoid that is get LastPass, a password manager that “has consumer editions.”
Simpson advises all users to be prepared for an attack. “Have a hard printout copy of everything. Make a plan and test it on an annual basis. Have a mock attack. Back up critical data and systems.”
Botta said “most teams should have a data protection officer and an attorney.” He recommends that companies “assess the risks, record their assets, understand your key systems and perform a threat analysis. If something happens, get hold of law enforcement and preserve evidence.”
And protect the company’s reputation, which, if compromised, could undermine the firm’s future.
During a question-and-answer session at the end, all four speakers addressed concerns about children being susceptible to phishing offers and other bad stuff on a wide-open internet. They, too, should be enlightened.
“We have to slowly educate all individuals and companies about this,” Botta said in closing.