Cyberattacks: a personal account
Everyone knows someone who has been affected by ransomware, and if you are reading this blog, you now know another. My experience with ransomware attacks is not because I downloaded some wacky .exe or failed a funny phishing test. My data was exposed alongside many others in a massive breach over five years ago. The breach was one of the first major attacks on a large credit reporting agency, and at the time, I did not even realize how much of my data they had and how much had leaked out. For weeks, my life was like a paranoid cinematic thriller. I was unsure who had my info and what they were doing with it.
Organizations did not take cybersecurity seriously in the early days of enterprise-grade ransomware attacks, which made my efforts to rebuild my life even harder. Skip forward to today, and we now dedicate an entire month to education and awareness for both organizations and consumers. Given my personal experience, I thought it would be helpful to share my journey and how you and the companies you rely on can better prepare to handle a ransomware attack when it strikes.
My experience was horrible. ALL of my information was on the world wide web, including banking information, my cell phone data, and more. The attacker was able to port my phone and withdraw money from my parent’s bank account – they made my life miserable until I could lock down dozens of accounts. My mistake (and the mistake many consumers still make today) was not using unique, complex usernames and passwords for EVERY account. This simple thing could have made my life infinitely easier and ensured that my accounts, like PayPal, my phone plan, and many other accounts, had an extra layer to bypass when my password was grabbable from a Pastebin post. Thankfully, unique passwords are now baked into every browser and phone. While it can be a pain when the autofill fails, having different passwords on every account means that if your password gets shared (and it will), you only have one account to worry about, not 100.
The second thing I recommend for everyone is equally easy to incorporate and, in many places, is now mandated: use multifactor authentication (MFA). Achievable either through third-party authentication apps or simple SMS/call validations, MFA relies on something only you should have access to, such as your phone or another device where you can receive a unique login code, and checks for it when you log in. Again, security always comes at an inconvenience, but having that second step to every login ensures that you are who you say you are (mostly). When you pair this strategy with unique passwords, you have a near-impenetrable fortress of account logins.
Everything I have covered thus far has been widely promoted within cybersecurity awareness campaigns, and with good reason: everyone should incorporate these tactics into their daily online behaviors. As individuals, we can use these simple steps to secure everything we do online. The challenge now is to ensure businesses take additional steps to harden their infrastructure so that the data they receive from consumers stays safe. Fortunately, Object First is here to help with that exact scenario.
Businesses fall victim to ransomware attacks every 11 seconds, and more often than ever, backups are the target. Object First delivers built-in immutability, reduces the risk of ransomware encrypting backup data, and utilizes a hardened operating system that protects data integrity. Organizations can confidently recover primary data quickly when ransomware strikes. Ransomware-proof and immutable out-of-the-box, Object First delivers simple, powerful, and affordable backup storage for Veeam.
I hate to sound like your paranoid uncle. However, it’s not a matter of if you will be the victim of a ransomware attack, but when. Everyone needs to take ransomware seriously and ensure that we are doing everything in our power to help prevent attacks at a personal and a business level. Additionally, we need to ensure that when attacks make it past our defenses, we can recover our data as effectively as possible. Even though my data was viewable for all to see, when I incorporated MFA and unique passwords, I was able to drastically decrease what bad actors could do with it.
During cybersecurity awareness month, let’s ensure that we all do our part as people and businesses to increase our security, share our knowledge with others, and never have to pay the ransom.