Inside the Mind of a Cyber Hacker: Who’s Really Behind the Screen?
So how do cyber hackers work? How does ransomware work? How does cyber liability work? Well, you see these photos, like in this article, with the hacker with the hoodie, and you can't see his face and it's all lurking. That's really not how hackers work anymore—how cyber attackers work anymore. It's an organized business for these individuals and these entities. They have sales departments, they have management, they have offices, they have a very well-funded large operation.
If your company is looking to protect itself from cyber attacks, keep in mind that those who are looking to do you harm are just as organized as your company. You have management meetings, you have bonuses, you have motivational procedures, you have an employee manual—these hackers have the same thing. It may not be as formalized and may be more distributed over a wider area, but the hacking companies now are well-funded and they sometimes outsource work to other parties, just like you would. They have staff that look for opportunities, just like you would.
Your cyber insurance company that you have your policy with will be keeping up to date on the current procedures used by cyber hackers, and they will provide you with that information—how to avoid that—because every month, every 90 days, there are new methods used by the hackers to get into your company. They'll find the easiest way in, even if it doesn't give them a lot of access to begin with. For example, if you have a receptionist that doesn't have logins to the server or admin or anything else, but they do have an email address, they'll find a way to get into that receptionist’s email even without their knowing.
Maybe they send them a funny meme with a picture, or they send them an email with an attached document, and they open that. Now they're able to compromise that low-level employee, the admin employee, in their email. And by having that email, they might be able to send out an email to somebody else saying, “Hey, by the way, here's a document that you need,” and they can send that email to somebody higher up in the company—maybe a programmer, maybe an IT person, maybe an executive.
Once they're into that system, what they do is work their way up the food chain. Once they're into the low-level employee's account (we even had one at a car dealership), they got into one of the mechanic’s emails and had the mechanic then send an email to the service manager, who sent it to the sales manager, who sent it to the general manager. Next thing you know, they had a high-level email contact that had access to some pretty sensitive information: customer information, credit applications, vendor information.
The hackers are able to download all this and extract it from the server (what they call “exfiltration”) and get it onto their own system. Once they had all the sensitive information, the hacker then deployed ransomware, locking down the server of this car dealership. The car dealership couldn't sell any cars, they couldn't work on any cars, they couldn't do anything until they paid the ransom or they restored their system.
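The relay chain described above (mechanic to service manager to sales manager to general manager) is the pattern a defender wants to catch in mail logs before it reaches the top. The following is an added example, not from the original transcript: a Python heuristic run over a constructed internal mail log that flags accounts which forward an attachment to a more senior colleague shortly after receiving an attachment themselves, and stitches consecutive escalations into a chain. The log format, the mail domain dealer.example and the RANK seniority table are assumptions made for this demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mail log (not real data): "timestamp sender recipient attachment_flag".
SAMPLE_LOG = """\
2024-05-01T09:02:00 unknown@freemail.example mechanic@dealer.example 1
2024-05-01T09:41:00 mechanic@dealer.example servicemgr@dealer.example 1
2024-05-01T10:05:00 servicemgr@dealer.example salesmgr@dealer.example 1
2024-05-01T10:30:00 salesmgr@dealer.example gm@dealer.example 1
2024-05-01T11:00:00 parts@dealer.example mechanic@dealer.example 0
2024-05-01T13:00:00 gm@dealer.example salesmgr@dealer.example 1
"""

# Hypothetical seniority table (higher = more senior); a real deployment would
# load this from the directory or HR system rather than hard-code it.
RANK = {
    "mechanic@dealer.example": 1,
    "parts@dealer.example": 1,
    "servicemgr@dealer.example": 2,
    "salesmgr@dealer.example": 3,
    "gm@dealer.example": 4,
}

INTERNAL_DOMAIN = "dealer.example"  # assumed company mail domain


def parse_log(text):
    """Turn the space-separated log into sorted (timestamp, sender, recipient, has_attachment) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, rcpt, flag = line.split()
        events.append((datetime.fromisoformat(ts), sender, rcpt, flag == "1"))
    return sorted(events)


def find_relay_chains(events, rank, window=timedelta(hours=2), domain=INTERNAL_DOMAIN):
    """Return chains of addresses where each account sent an attachment to a more
    senior colleague within `window` of receiving an attachment itself."""
    received_at = defaultdict(list)   # recipient -> times an attachment arrived
    hops = []                         # (time, sender, recipient) escalating relays
    for ts, sender, rcpt, has_att in events:
        if not has_att:
            continue
        internal = sender.endswith("@" + domain) and rcpt.endswith("@" + domain)
        recently_received = any(ts - t <= window for t in received_at[sender])
        if internal and recently_received and rank.get(rcpt, 0) > rank.get(sender, 0):
            hops.append((ts, sender, rcpt))
        received_at[rcpt].append(ts)

    # Stitch hops whose sender is the previous hop's recipient into one chain.
    chains = []
    for _ts, sender, rcpt in hops:
        for chain in chains:
            if chain[-1] == sender:
                chain.append(rcpt)
                break
        else:
            chains.append([sender, rcpt])
    # A single forward upward is routine; two or more escalating hops is the signal.
    return [c for c in chains if len(c) >= 3]


if __name__ == "__main__":
    for chain in find_relay_chains(parse_log(SAMPLE_LOG), RANK):
        print(" -> ".join(chain))
```

Treat the output as a triage signal rather than a verdict: a legitimate invoice forwarded up the chain produces the same shape, so in practice you would pair this with the attachment hash (is the same file moving up?) and with the first hop having come from outside the company, which is exactly where the transcript says the chain starts.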
Now, most companies that follow best practices have a backup of their system, but that backup may not be enough to restore the whole thing. It might back up some of the data, but you have more than data on your server—you have programs, apps, software, documents. Just because your customer data is backed up, that's usually only a convenience for you to refill your system. But if your hard drive has been corrupted—the program that runs your operating system, the program that runs your management system, your sales force—all those things might be deleted.
You might have to reinstall every piece of software and then put the customer data back in. There may be a lot of things that need to get installed that you may not have access to. Your backup is probably only backing up data and records—not the actual program files. Some backups actually do a mirror—take an image of that hard drive—but even then, sometimes the reinstall has problems because a serial number on one computer is different than another.
So there's a very specific way you want to do your backups. The best way to do it is actually to keep a mirrored version of your server—not do a backup, but keep two copies that are equal—and have one of them be firewalled from the web and firewalled from other computers so information only goes one way.
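Two practical checks fall out of the last three paragraphs: does the backup cover program files and configuration, not just records, and can the isolated mirror tell when the live server has been rewritten or emptied? The following is an added example, not from the original transcript: a Python script that builds a constructed server tree and a records-only backup in a temporary directory, reports what a full restore would be missing, and then compares a known-good hash manifest (the kind you would keep on the mirror side of the one-way firewall) against the server after simulated ransomware damage. The directory names, file contents and the REQUIRED_ROOTS list are assumptions made for this demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical top-level directories a full restore needs: records alone are not
# enough, the programs and their configuration must come back too.
REQUIRED_ROOTS = ("data", "programs", "config")


def hash_tree(root):
    """Map every file under root (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def coverage_gaps(source, backup, required_roots=REQUIRED_ROOTS):
    """Required roots with no file in the backup at all, and every source file the backup lacks."""
    present_roots = {rel.split("/", 1)[0] for rel in backup}
    missing_roots = [r for r in required_roots if r not in present_roots]
    missing_files = sorted(rel for rel in source if rel not in backup)
    return missing_roots, missing_files


def mirror_drift(baseline, current):
    """Compare the known-good manifest kept on the isolated mirror with a fresh scan of
    the live server: rewritten files (a mass rewrite looks like encryption) and deleted files."""
    changed = sorted(rel for rel, digest in baseline.items()
                     if rel in current and current[rel] != digest)
    vanished = sorted(rel for rel in baseline if rel not in current)
    return changed, vanished


def _write(root, rel, body):
    target = Path(root, rel)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(body)


def run_demo():
    """Build a constructed server tree plus a records-only backup, then simulate damage."""
    with tempfile.TemporaryDirectory() as tmp:
        server, backup = Path(tmp, "server"), Path(tmp, "backup")
        files = {  # constructed sample content, not real records
            "data/customers.csv": b"id,name\n1,Ann\n2,Bob\n",
            "data/credit_apps.csv": b"app_id,customer\n10,1\n",
            "programs/dms.exe": b"MZ-placeholder-binary",
            "config/dms.ini": b"[dms]\nlicense=PLACEHOLDER\n",
        }
        for rel, body in files.items():
            _write(server, rel, body)
            if rel.startswith("data/"):      # the typical records-only backup
                _write(backup, rel, body)

        baseline = hash_tree(server)         # manifest to be stored on the mirror side
        missing_roots, missing_files = coverage_gaps(baseline, hash_tree(backup))

        # Simulate ransomware damage: one record file rewritten, one program deleted.
        _write(server, "data/customers.csv", b"ENCRYPTED-PLACEHOLDER")
        Path(server, "programs/dms.exe").unlink()
        changed, vanished = mirror_drift(baseline, hash_tree(server))

        return {
            "missing_roots": missing_roots,
            "missing_files": missing_files,
            "changed": changed,
            "vanished": vanished,
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The direction of the comparison matters for the one-way design the transcript describes: the mirror host pulls the manifest and the file copies from the server and never accepts connections from it, so a server that has already been taken over cannot reach in and rewrite the baseline it is being judged against.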
