
FEATURED ARTICLE: WHAT DOES GROUND BEEF HAVE IN COMMON WITH GASOLINE?

Recently, both JBS beef plants and Colonial Pipeline were victims of ransomware that disabled their business operations for weeks.

Consumers on the East Coast were scrambling to get gasoline at gas stations, which posted signs reminiscent of the 1970s OPEC oil embargo: “No More Gas, Try Again Tomorrow”. Supermarkets everywhere set up signs telling customers that they may only buy 1 pound of ground beef per day because of shortages. Ultimately, JBS paid $11 million to the hackers to get their systems back online, while Colonial Pipeline paid $4.4 million in Bitcoin.

The Untold Statistics

But remember, Colonial Pipeline and JBS are only the ransomware victims you hear about in the news. There are thousands of untold victims of ransomware you will never hear about, because these businesses simply pay the ransom and don’t report it. Also, the ransom amounts the hackers ask for are between $10,000 and $50,000.

Now, the really successful ransomware hackers don’t just target 1 or 2 businesses. A typical ransomware campaign might involve 500 – 1000 businesses. Doing some simple math, it does not take a genius to figure out that if you collect $50,000 from 1000 businesses, you net a $50 million payday. Besides the direct financial loss, ransomware victims suffer untold millions in further losses because of missed business opportunities, lost employee productivity, or not being able to stay competitive with other businesses.

The Shift in Ransomware Attacks

What is more alarming, however, is the shift from small businesses to key infrastructure companies like Colonial Pipeline. If a company like Colonial could be a victim of ransomware, what would be the next logical step? It’s clear that if ransomware hits our defense industrial base, especially contractors and subcontractors involved in shipbuilding or other military asset production, ransomware becomes less of a financial problem and more of a national security problem.

We all know that NIST 800-171 and CMMC mandate a variety of cybersecurity controls and practices to mitigate cyber risk. What you might not know about NIST 800-171 and CMMC is that certain cybersecurity controls, if implemented properly, will also help you defend specifically against ransomware.

The Good News: Risk Can Be Mitigated

Rather than being a silent ransomware statistic or becoming yet another problem in the defense supply chain, learn about how NIST 800-171 and CMMC can help your business protect itself against cybersecurity threats, especially ransomware, and become not only compliant but more secure.

Click here to view a recently held webinar where CyberCatch discussed NIST 800-171 and CMMC required controls that, when properly implemented, protect your business against ransomware. Click here to use our complimentary Ransomware Risk Score Worksheet to quickly assess your company's risk for a damaging ransomware attack.

Each month, CyberCatch hosts a webinar on the latest cybersecurity topics, mandates, and recent events. With expert panelists and industry intel that can be found nowhere else, it is a must-attend event to have on your calendar. You can watch on-demand recordings of their recent webinars, and register for upcoming webinars on their website: https://www.cybercatch.com

ABOUT THE AUTHOR

Andy Kim is a globally recognized chief information security officer and renowned speaker. He has been a business-focused cybersecurity expert for over 20 years, and was most recently the CISO for Allstate. He has successfully led cybersecurity teams across large global bank and investment operations such as Citigroup, as well as vendor-dependent mid-sized regional banks. Andy is an expert in cybersecurity program implementation as well, with extensive experience among global insurance and marketing operations. Today, he guides the team and supports the customers of CyberCatch, as VP and CISO.

