Guidance for Withstanding CyberattacksMarch 1st, 2022 by Rebecca Barnabi
Cyber threats have been a concern for some time now, and the door and window industry is not immune to them. Experts expect an increase in cyberattacks in response to actions by the U.S. against Russia in response to its attack on Ukraine. Experts also say that large or small, there are steps your company should take to prevent hacking.
Jeff Lanza spent 20 years with the FBI fighting cybercrime. Now he runs The Lanza Group and travels for speaking engagements. As the number one keynote speaker for the FBI, Lanza speaks on cyberattacks, identity theft protection, and how to keep children safe online.
“Because hackers, wherever they live, because they have the ability to affect our computers in the U.S., one method of retaliation for sanctions in a country is to attack another country [through computers],” says Lanza. The cyberattacks could be state-sanctioned or could be the work of individuals. “We are woefully behind in terms of our cybersecurity in the U.S.,” he says. Biden addressed this in the Infrastructure Investment and Jobs Act 2021. “The Russians know that as well as other countries,” Lanza says.
“I think any company needs to be more careful about how they train their employees,” Lanza says of what companies can do to prepare after the sanctions are enacted. The most common way hackers get to companies is through emails with malware.
“It depends on the attack,” Lanza says of which industry hackers are more likely to target. “They target specific industries based on who they think is apt to pay.” Ransomware is used by hackers to hold a company’s business hostage until payment is received. “These types of companies are more likely to pay, so they are targeted for that reason,” Lanza says.
The three most common types of ransomware are:
- Ransomware. A company’s files are locked on company computers, and an electronic key is needed from the hackers to unlock and decrypt files. Malware is used to encrypt the files and make them inaccessible to a company. A ransom is demanded for the electronic key.
- Cyber blackmail. Hackers steal company files containing customer information from a database and threaten to release the information if the company does not pay a ransom.
- Proprietary blackmail. Hackers gain intellectual property such as business documents that a company would not want a competitor to have access to, and the hackers threaten to release the information unless paid ransom.
Another form of hacking, Lanza says, involves the actual theft of money from a company. Hackers can achieve the theft of funds through Intercept communication of wire transfers or they can gain banking information, which can include employee banking information. “That can be very serious,” Lanza says. The theft of employee banking information also encourages identity theft. “These are the main two [forms of hacking] that we see today.”