these can be just as damaging to your reputation as having your official account
                       overtaken.


                   3.  Real-time  services:  Any  business  that  offers  real-time  services  (such  as
                       banking  institutions,  healthcare  providers,  etc.)  should  be  especially  alert  for
                       extortion  attacks.  Attackers  know  that  interrupting  key  components  of  what
                       makes your business function will put more pressure on you to resolve the issue
                       quickly.  And  sometimes,  resolving  the  issue  quickly  might  mean  paying  the
                       attacker what he’s asking for in order to avoid a longer downtime.

                       What can you do? Make sure you have adequate backups of your data and a
                       recovery  plan  in  place.  Establish  guidelines  for  how  long  your  business  can
                       afford to be down and how long it will take you to restore data afterwards. Set up
                       processes for determining where attacks may be coming from (especially if your
                       organization  employs  hundreds  to  thousands  of  people),  and  make  sure  your
                       employees know how to report any suspicious activity.

                   4.  Cryptocurrency: With any digital asset that can equate to cold hard cash comes
                       the threat of extortion or theft, and cryptocurrency is not immune. If you choose
                       to  buy  bitcoins,  be  aware  that  attacks  have  already  begun,  and  they  will  only
                       become stronger and more frequent.

                       What can you do? Stay on top of the latest industry news and laws, and use
                       backup and encryption methods to your advantage. Don’t save the passwords to
                       your digital wallet on any personal devices or online password banks. And, when
                       you’re not using it, make sure you store your digital currency offline.

               While new technologies and digital services can pose a significant threat to your brand
               and critical processes, ensuring you have the proper planning and detection methods
               set up can save you a lot of headaches – and money – as extortion methods expand.

               About the Author

                                         Derrick Rice is principal consultant at Asylas, a security, privacy
                                         and risk-consulting firm located in Nashville, TN.

                                         With  over  15  years  in  IT,  Derrick’s  experience  ranges  from
                                         systems administration to technical leadership roles.

                                         He is committed to helping people understand and eliminate the
                                         inherent threats to their businesses.

                                         He focuses primarily on private-sector privacy (CIPP/ US) and
                                         HIPAA regulation. Learn more at https://www.asylas.com/.







                     7   Cyber Defense eMagazine – March 2018 Edition
                         Copyright © 2018, Cyber Defense Magazine,  All rights reserved worldwide.