Over the Memorial Day weekend, meat producing giant JBS USA, the country’s top beef producer and second largest pork producer, was hit by a cyberattack, which temporarily shut down its operations. As supplies regain stability, meat prices are expected to increase.
Earlier in May, a cyberattack struck the Colonial Pipeline, which supplies fuel to the Southeast and most of the East Coast. The attack shut down pipeline activities for five days, caused shortages and spiked gas prices.
Russia-based cybercrime gangs are blamed for the attacks. Millions of dollars in ransom was paid by the companies to regain control of their systems and restart their operations.
In just the first few days of June, similar attacks on New York City’s subway operator and the Martha Vineyard Ferry in Massachusetts were reported.
President Biden has signed an executive order urging all private companies to take immediate action to boost their ransomware defenses. The order addresses the country’s vulnerability and urges use of such protections as multifactor authentication; encryption; offline data backup; regular system updating; development and testing of incident response plans; and the segmentation of networks to separate activities like manufacturing and production operations.
“Much as our homes have locks and alarms and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, wrote in a memo to corporate executives and business leaders.
Easy profit from ransomware attacks, combined with more employees working remotely and using less protected systems during the COVID-19 pandemic, are creating this crime epidemic. And the cases we are hearing about are only the tip of the iceberg, as many victimized companies are not publicizing attacks.
These easy-pickings for criminals have expanded cyberattacks from initially just targeting data-rich companies, such as banks and retail outlets, to targeting and shutting down essential services, including hospitals. Their ransom demands are an immediate big reward.
And the targets are not just large corporations or government agencies. Small businesses that have less security protections and fewer resources to combat attacks are even easier targets for hackers.
According to a recent U.S. Small Business Administration survey, 88 percent of small business owners felt their businesses were vulnerable to cyberattack, but they could not afford professional IT solutions and they lacked expertise.
The FBI’s Internet Crime Report estimated the cost of cybercrimes reached $2.7 billion in 2020 alone. About 28 percent of the cyberattacks involved small business victims. In addition to ransomware attacks, common cybercrimes include phishing, where criminals send emails or texts that appear legitimate, but contain malicious codes when opened, or attempt to solicit confidential information; and viruses, which are implanted to corrupt computer systems.
A critical step for both big and small companies is to train employees to prevent attacks and respond quickly to threats. The need for employees to understand security policies and procedures, and to follow them must be stressed.
Training should not be a one-time activity. It should be a constant reminder that is updated regularly to address evolving new threats. It should include the urgency of updating software, adopting “best practices” security measures and understanding how to respond quickly to security breaches.
Companies must develop and implement a site-specific incident response plan that includes contact information, accessing backup data and contacting law enforcement. The Federal Communications Commission offers a cyber planner to help small business owners create their plans. Go to https://www.fcc.gov/cyberplanner
The SBA, including its Small Business Development Centers, such as the one at California State University, Bakersfield, provides information to assist small businesses in enhancing their systems to protect against cyberattacks. For additional information about protective actions that can be taken and available resources, go to the SBA’s website at https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats
Kelly Bearden is the director of the Small Business Development Center at CSU Bakersfield. One of five service centers within the Central California SBDC Regional Network, the Bakersfield center assists small business owners in Kern, Inyo and Mono counties by providing free consulting, small business training and research. For more information, go to www.csubsbdc.com.