Forget Burnout, Your Team Might Be 'Boredout.' Here's What to Do
How to Align Your SEO Strategy with Google's A.I.Search Lab Updates in Time for Holiday Shopping
The Biggest Business Fails of 2023
SBA Expands Relationship With Department of Agriculture to Grow Rural Economies
Time for a Career Change? Why You're Never Too Old to Start a Business
Considering a Shorter Workweek? Here's How It's Going Across the World
What This Magician Knows About the Power of Presentation
Fidelity National Financial, a Jacksonville, Florida-based company that provides title insurance and settlement services for the real estate industry, revealed last week that it had suffered a cyberattack. These kinds of attacks are becoming more common, but there are steps companies of all sizes can take to mitigate the impact.
In a November 21 filing to the Securities and Exchange Commission, Fidelity National Financial said that "an unauthorized third party accessed certain FNF systems and acquired certain credentials." The company also said it was working with law enforcement and cybersecurity professionals to address the incident, which resulted in disruptions to the mortgage-related services it provides.
The ransomware group BlackCat has claimed responsibility for the attack. BlackCat was linked to the Colonial Pipeline hack that caused gas prices to spike in the spring of 2021 and the hack of MGM Resorts earlier this year. According to the Federal Bureau of Investigation, the ransomware group, which is also referred to as ALPHV, had compromised more than 60 entities through March 2022.
Ransomware attacks on companies continue to increase and evolve, according to experts. From January to June of this year, blockchain analysis firm Chainalysis identified $449.1 million in extorted crypto--$175.8 million more than during the same period last year--and the true numbers are likely significantly higher. Earlier this month, a U.S.-based subsidiary of the Industrial and Commercial Bank of China suffered a ransomware attack, disrupting Treasury markets in the U.S.
Government agencies discourage paying ransom, and the Cybersecurity & Infrastructure Security Agency offers resources for small businesses to improve their security practices. Still, most small and medium businesses are forced to close up shop after a ransomware attack, and many business owners say the guidance provided by government agencies is difficult to implement for businesses with limited resources.
Joe McMann, the head of cyberservices for Stow, Ohio-based cybersecurity firm and Inc. 5000 honoree Binary Defense, says companies should be particularly alert to social-engineering attacks, in which a person is tricked into handing over sensitive information. For example, a scammer might pretend to be a member of the company's IT department, and ask for access to an employee's computer.
Along with educating employees to be aware of suspicious behavior, McMann suggests putting in place processes to make it harder for a breach to occur. For small businesses, that might involve scrutinizing the requirements to reset passwords, create new accounts, or access systems remotely. He recommends introducing "speed bumps" that make systems harder to access, such as requiring multifactor authentication to access email. Companies should also look out for anomalies, such as systems being accessed at odd hours or unusual data transfers.
Security experts such as McMann recommend following the principle of "segregation of duties," or ensuring that certain important processes are broken into discrete parts that are handled and approved by different people or departments. That can help with both mitigating internal threats and limiting the damage if an outside party gets access to a business's systems.
Finally, McMann suggests that companies practice how they'd respond to a cyberattack. Company leaders should think through how to shut down existing systems and switch over to backups that are hopefully already in place. TechCrunch reported last week that Fidelity National Financial shut down its systems and scrubbed its servers in an attempt to contain the damage.
"There's no silver bullet," McMann adds. It's a matter of "being aware and understanding your risks."
Sign up for our weekly roundup on the latest in tech
Privacy Policy
Fidelity National Financial Is the Latest Ransomware Victim
2
2
28.11.2023
Forget Burnout, Your Team Might Be 'Boredout.' Here's What to Do
How to Align Your SEO Strategy with Google's A.I.Search Lab Updates in Time for Holiday Shopping
The Biggest Business Fails of 2023
SBA Expands Relationship With Department of Agriculture to Grow Rural Economies
Time for a Career Change? Why You're Never Too Old to Start a Business
Considering a Shorter Workweek? Here's How It's Going Across the World
What This Magician Knows About the Power of Presentation
Fidelity National Financial, a Jacksonville, Florida-based company that provides title insurance and settlement services for the real estate industry, revealed last week that it had suffered a cyberattack. These kinds of attacks are becoming more common, but there are steps companies of all sizes can take to mitigate the impact.
In a November 21 filing to the Securities and Exchange Commission, Fidelity National Financial said that "an unauthorized third party accessed certain FNF systems and acquired........
© Inc.com
visit website
login
who are we?
contact us
qosheapp
Toi Staff
Gideon Levy
Belen Fernandez
Andrew Mitrovica
Mort Laitner
Nikkei Editorial
Rami G Khouri
Ali Fathollah-Nejad
