View original article from WISH-TV here
INDIANAPOLIS (WISH) — While big corporations may get the most attention for major cyberattacks, experts say it’s actually schools, police departments, nonprofits, local governments and other small businesses that are the most-exposed to ransomware, the most pertinent form of cyberterrorism.
“It’s the same fear factor that, you know, a kidnapping would be your kid is gone, you have to get the kid back,” said Aaron Pritz, co-founder of Reveal Risk, a business management consultancy in Carmel. “Desperation may come into play and that’s what the attacker is counting on.”
Pritz says says attackers can see small businesses as easier targets because they are the least likely to have protective barriers. He says the goal of the attacker is to get as much money possible out of a business often resulting in losing tens of thousands of dollars.
That was the price tag for Hancock Regional Hospital in Greenfield back in 2018.
“There were moments in the middle of the night on that Friday night where we sat there and said, ‘Are we going to get through this?’” said Hancock Health CEO Steve Long.
Long says the ransomware attacker locked Hancock Health’s entire computer system, giving them no other choice but to pay $55,000 to the attacker to restart the system.
Now, the hospital likes to educate others on the importance of protecting themselves and on how the hospital is more prepared for the rise of attack attempts they’ve received over the last few years.
“We blocked tens of thousands of malicious emails every day,” Long said. “I talked to our cyber folks. We are up about 40% over where we were back in 2017.”
Just last week, the FBI compared the challenge of controlling the skyrocketing rise of ransomware attacks to 9/11. According to the FBI’s Internet Crime Report, there were 9,746 Indiana victims to cyberattacks in 2019. By 2020, the FBI reported 12,786 victims, a 31% increase.
While the FBI tells victims to never pay the ransom to discourage more attacks, Pritz of Reveal Risk says, most of the time it’s a very difficult decision for a business and often times the ransom is less than the money it would take a business to rebuild.
“Sometimes you’re chasing ghosts, and it’s not as easy as somebody that robs a bank. And, you know, you see the footage and you see their license plate and you can kind of follow the bread crumbs.”
At Reveal Risk, we evaluate, design and deliver strong processes and results in cyber, privacy, risk that work efficiently, are fit-for-purpose, and are sustained. If you find that you want assistance in building your company’s cyber security strategy, governance, and plan towards desired state maturity, please don’t hesitate to connect with us at firstname.lastname@example.org.
About the Author
Aaron Pritz is senior IT/Security/Privacy/Risk leader with over 20 years of experience including at a large pharmaceutical company in the Midwest. Aaron co-founded Reveal Risk in 2018 after seeing significant corporate leadership and “execution of strategy-to-operations” capability gaps in the cyber security and privacy consulting industry. Aaron is a creative thinking strategist that brings strategies to life through engaging approaches and teamwork. He is an active industry influencer and speaker on the topics of business-driven risk management, insider theft, and cyber security in healthcare, and is no stranger to helping companies progress both before and after incidents/breaches (ideally the former!).