4 Real-World Cybersecurity Attacks: What Businesses Can Learn From Each

November 29, 2016

The headlines are flooded by them. Businesses are tired of them. Your customers are concerned about them. I’m talking about cybersecurity attacks.

Malware, ransomware, and other forms of cybersecurity attacks are on the rise. And it’s not just the big companies who are being hit; small businesses, even mom and pop shops, are vulnerable, too.

It’s time to fight back.

But as a small business with limited resources, how can you stand up to these attacks? We can start by learning from four real-world case studies, which we’ll discuss below. Additionally, we’ve developed a free Incident Response Plan that will help you evaluate your current security plan and update it to meet today’s threats. You can download it at the bottom of this post.

Here are four examples of small businesses, municipalities, and other organizations that were targeted by malware, and what we can learn from their situations:

1. Ransomware: A Police Department in Distress

Ransomware is a type of malware that encrypts your data so that you can’t use it until you pay a sum of money (typically $500+). Some of the recent victims include civil institutions like schools, hospitals, city governments, and now, local police departments.

For one county sheriff’s department in particular, a ransomware attack cost them approximately $8,500 per hour with a total downtime of several days. Imagine how much it would cost your business if you were shut down for that long!

While the cost of ransomware can be high, especially for a small business, often the side effects of the attack (loss of data, inability to continue with day-to-day business functions) can be even costlier, which is likely why the FBI recommends paying up.

We’d like to offer a better option: proactive defense.

What you can do to prevent ransomware:

  • Create a business continuity plan that determines what to do if an attack hits during a busy period (e.g. at the end of a quarter or during tax season).
  • Identify files and systems critical to your business.
  • Back these files up every day and have a redundant copy of your servers.
  • Test the restore process at least once a month.

Having a redundant copy of your data and systems means you won’t need to pay the ransom in order to get it back and can continue doing business as usual.
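
One way to automate the monthly restore test from the list above, as an added example rather than anything from the original post: a manifest of SHA-256 hashes is recorded at backup time, and a test restore is checked against it for missing files, altered files, and a backup older than the daily schedule allows. The function names, the constructed sample files, and the 24-hour freshness threshold are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()  # stream in chunks for large files


def build_manifest(root: Path) -> dict:
    """Hash every critical file at backup time (keys are relative paths)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored: Path, backup_time, now,
                   max_age=timedelta(hours=24)) -> dict:
    """Compare a test restore with the manifest and flag a stale backup."""
    missing = [r for r in manifest if not (restored / r).is_file()]
    changed = [r for r, d in manifest.items()
               if r not in missing and sha256_file(restored / r) != d]
    stale = now - backup_time > max_age  # assumed threshold: backups run daily
    return {"missing": missing, "changed": changed, "stale": stale,
            "ok": not (missing or changed or stale)}


def demo():
    """Constructed sample data: one clean restore, one damaged and stale."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2016-11-01,100\n")
        (live / "customers.db").write_bytes(b"constructed sample record")
        manifest, taken = build_manifest(live), datetime(2016, 11, 28, 23, 0)
        good, bad = Path(tmp, "restore_good"), Path(tmp, "restore_bad")
        shutil.copytree(live, good)
        shutil.copytree(live, bad)
        (bad / "customers.db").write_bytes(b"unreadable")  # corrupted in the backup
        (bad / "finance" / "ledger.csv").unlink()           # never made it into the backup
        return (verify_restore(manifest, good, taken, taken + timedelta(hours=10)),
                verify_restore(manifest, bad, taken, taken + timedelta(days=3)))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A restore test that only confirms the job finished would pass the second case; comparing content against a manifest taken while the data was known to be good is what shows the backup is actually usable.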

2. CEO Email Fraud: Vulnerable Employees, Lucrative Gains

Who within your company holds the most power and authority? Chances are, it’s your CEO, and attackers are taking advantage of this by impersonating their email addresses in order to acquire money and information for financial gain.

One case in particular involved a retail chain whose CEO and CFO email accounts were hacked into. Attackers emailed the Accounts Payable department from these accounts, asking them to wire money to an offshore account. By the time the attack was discovered and stopped, $30,000 had been wired and deemed unrecoverable.

For a small business, this could be a quarter or more of your monthly profits gone — and that’s not an easy pill to swallow.

What you can do to prevent CEO email fraud:

  • Educate employees about email fraud by demonstrating what an email may look like. In fact, this tactic can be effective for all types of attacks, not just email fraud.
  • Manage your passwords using password management software (so that they are automatically populated for you) and enable two-factor authentication for all of your web based apps that support it. Never reuse passwords.
  • Create an escalation process so that if/when an employee gets such an email, they have a place to report and verify it before money or data is sent.

3. Tax Return Fraud: Presnell Gage Duped

Tax return fraud is expected to hit $21 billion this year. Presnell Gage, a small accounting firm out of Lewiston, Idaho, learned this the hard way when their systems were broken into and attackers were able to lurk inside for months stealing information about the firm and its customers. With this information, they were able to file fake tax returns and siphon the money into their own accounts for financial gain.

Instead of being flagrant (such as in the case of ransomware and CEO fraud), these attackers remain very quiet so they can steal from you for long periods of time. That’s why finding them is a big challenge. In fact, it was the IRS who ultimately discovered the fraudulent returns while analyzing tax return trends, and notified the firm immediately. You can imagine how stunned they must have been.

For small accounting firms like Presnell Gage, the damages from tax return fraud can be immense, from a loss of trust from customers to expensive disclosure and PR costs.

What you can do to prevent theft of customer information and protect your organization:

  • Have a customer and public relations plan in place to build and maintain rapport during moments of crisis.
  • Develop and include limited liability language in your customer contracts.
  • Validate every year that your cyber insurance policy covers you in case of a breach.

Our single best piece of advice is to have each of these in place well in advance, because in a time of crisis, it’s simply too late, and that can spell disaster for your entire business.

4. Insider Trading: Ukrainian Hackers Steal Press Releases

This incident unfolded much like the tax fraud example above: five stock traders in NYC worked underhandedly with Ukrainian hackers to break into the two biggest news wire services, Business Wire and PR Newswire, to gain insider knowledge.

The Ukrainian hackers were able to infiltrate both systems undetected, enabling them to steal over 150,000 press releases and pass the information to associates in America and Ukraine, who allegedly used it to buy and sell shares of dozens of companies, including Panera Bread Co., Boeing Co., Hewlett-Packard Co., Caterpillar Inc. and Oracle Corp.

It was the SEC who ultimately detected the insider trading activity and notified both Business Wire and PR Newswire. Had the wire services not been prepared with a public relations plan, they could have faced grave consequences.

What you can do to prevent information theft:

  • Employ an anti-malware solution that can identify indicators of an attack and help you find the victim.
  • Have a public relations plan. This can, quite frankly, make or break your business. Companies that don’t have a PR plan and remain silent during incidents can quickly go out of business, whereas those that engage with the public and communicate openly have a good chance of coming out ahead.

Developing Your Incident Response Plan

As a small business, you can’t afford not to have many of these basic yet crucial protections in place. But with limited resources, time, and budget, it may seem impossible to do. That’s why we compiled an Incident Response Plan document that can help your team plan for each of these four common scenarios and maintain a proactive security posture.

You can download your free copy here:

Incident Response Plan