Hackers Start Beef with JBS Ransomware Attack
Last weekend saw a significant cyberattack waged against the world’s largest meat processor and distributor, JBS S.A., that completely suspended the company’s operations in both North America and Australia… and as a result, has impacted the supply chains associated with the company. Let’s examine the situation to see what lessons we can take away from all this.
What Happened to JBS S.A.?
Over the last weekend of May 2021, JBS’ global IT systems were targeted by a ransomware attack that completely shut down the meat processor’s operations in North America and Australia. Seeing as effectively each step of the company’s operations (from livestock procurement all the way to export and shipment) relies on some kind of technology, everything was put on pause.
Fortunately, JBS had implemented backups, and has therefore been able to restore its systems and is returning to operation. Furthermore, there has been no apparent evidence discovered suggesting that any customer, employee, or supplier data was compromised in the attack.
However, this does not mean that there is nothing more to examine surrounding these events. Let’s go into the major takeaways that need to be addressed.
First of All, Who’s Responsible, and Who is Involved in Fighting Back?
There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals—the sort that have been previously associated with Russian cyberattacks—have been assigned blame for this attack. Along with the Federal Bureau of Investigation’s interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts.
The Australian Cyber Security Centre has also been providing their assistance, although they would not disclose what the nature of this assistance was, while the company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party.
The Impacts of Ransomware and Other Threats
While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration—not only is the target’s data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS.
Fortunately, JBS was smart and had protected itself ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business’ insurance policy should your operations ever be targeted by such an attack. Unfortunately, being targeted isn’t unlikely, as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware.
At Jackson Thornton Technologies, we’re committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling 334-834-7660 today.
Four Considerations for Your Business’ Security
Millions of people find themselves sitting in front of a computer moving files around and corresponding with people over the phone, through email, or updating info in the company’s line of business app. What many of them don’t know, however, is that, at any time, they are only a couple of clicks away from causing major problems for their company. This is why it is extremely important to train your staff on what to look for and how to address those situations when they do arise.
To understand the desperate nature of this issue, you simply need to look at the global statistics. According to the Internet Society’s Online Trust Alliance (OTA), 2019 saw losses of over $52 billion as a result of cyberattacks, of which roughly 95 percent could have been avoided through simple, common sense actions and procedures. Additionally, these figures are expected to grow rapidly in the future.
That’s why it is essential that your business, aside from your dedicated network and cybersecurity strategy, comes up with a plan on how to properly train your staff with procedures that won’t stymie your business’ ability to be productive. How you go about doing that is up to you, but this month we thought we would share a few strategies on how to effectively get this done.
Get Your Employees to Understand
Educating a bunch of people (who don’t work in security) to learn about something as yawn-inspiring as network security isn’t impossible, but it takes a little creativity. If someone can relate to a victim, it’s easier for them to do things they wouldn’t typically do because they don’t want to be responsible for another. Use real world examples in your education materials. Chances are many of them have been the victim of identity theft or they’ve had their data leaked as a result of negligent behavior. Show them that many of the things they can do to protect the company are things that they already do to protect their own data.
Create a Culture of Security
If history has taught us one thing about people, it is that people are impressionable. If they are constantly surrounded by a certain message, they will typically accept that message. Creating a company culture that is rooted in security will do a lot of the heavy lifting for you. If your company consistently pushes the need for comprehensive security, you better believe that most of your staff will get the message loud and clear.
Keep Training Consistent
Pushing security can go a long way, but without training designed to teach employees exactly what problems the procedures in place are meant to address, the whole thing is completely pointless. Employees need to understand:
● How to avoid becoming a victim of phishing
● What network resources they have access to
● The importance their role has in protecting company and customer data
● Solid password management and best practices
● What to do if they do make a security mistake
If every employee you have has a good handle on these five concepts, there likely won’t be a network security disaster coming from your staff in the near future.
Lead By Example
Obviously, in the average employee’s mind, network security, like physical security, is nothing they are inherently concerned with. If they follow procedure, there should be no problem. They figure that decision makers take the time and effort to address these issues and deploy the systems that are needed to protect the business. Not only that, many workers consider workplace security a C-suite issue. Firewalls, antivirus, multi-factor authentication, mobile device management, and intrusion detection are largely looked at in the same way as digital surveillance, access control, printer management, and a slew of other security systems that are controlled by people outside their expertise. In fact, many people look upon these systems as ones that serve to protect the business from them rather than working to protect the business.
Leading by example means that you do the right things and expect that your team follows suit. Being more supportive than demanding is a good way to start. People that aren’t that strong with technology won’t always get it. Unfortunately, it only takes one instance to really create problems, so they must get it. Instead of being frustrated at their lack of understanding, create documentation and resources that will help them. Work with them so they understand just how important it is that they follow these procedures. They don’t need to understand the workings of complex IT systems; they just need to avoid the big mistakes that could cause major problems for the company.
At Jackson Thornton Technologies, we can help your business put together a plan to help you protect your business from end to end. Our IT professionals can help you put together procedures and a training plan that will give your business the resources it needs to stay secure. To learn more, call us today at 334-834-7660.
It’s Time to Focus on Data Privacy and Compliance
Most businesses have compliance regulations they need to meet. 2021 is becoming somewhat of a tipping point for some. Companies are dealing with the development of new data privacy laws that will surely add some responsibilities on top of already established regulations. This month, we thought we’d take a look at compliance and why it is important to stay on top of it.
Before we get into regulatory compliance, we should mention that compliance with company-wide regulations (that presumably you’ve set up for a reason) is not exempt when considering your business’ compliance responsibilities. Understanding where your organization is in meeting both outside and inside compliance requirements can set you up for success, even as your business doesn’t look the same way it did in the past.
Outside Compliance Considerations
When compliance regulations are considered, typically these are the qualifications that need to be met. They are traditionally ethics-based regulations set up by legislators to help govern fair enterprise. Today’s business creates, collects, and uses data in new and exciting ways, and having to meet regulatory benchmarks becomes more and more crucial. Most of these regulations are governed by federal, state, and industry legislative bodies and organizations created to do that. If they are not met, it can cause some difficult problems for any business. These include fines, suspension of service, and more.
Inside Compliance Considerations
The regulations you set up for your own business obviously don’t carry the risks inherent in meeting regulatory requirements, but presumably you’ve enacted these benchmarks and requirements to help manage and operate your business effectively, so meeting those standards is important.
Massive Push For Data Privacy
For some time now, consumers have been more cognizant of how their personal information can be used against them. That doesn’t mean that many people have taken the steps to protect that data, but that is evolving. Typically, any regulations aimed at data protection have been made to keep organizations from taking advantage of stakeholders, but now, it seems, there is a fairly large section of people that are actively looking to help individuals protect their personal data. Unfortunately, many of the major technology companies don’t seem to be among them.
The establishment of the General Data Protection Regulation (GDPR) by the European Union was a landmark day for individual data privacy. It held businesses accountable and gave individuals control over a lot of their personal data. Much of the same data was shared with impunity before the GDPR went into effect. Today, there are several data privacy laws on the books in the United States, with a federal data privacy law looking inevitable in the years to come.
Outside of the GDPR (which affects any business that does business with European companies) most of today’s requirements have been in place for quite some time. Regulations like HIPAA and PCI DSS affect millions of businesses, so it is important to have a set of strategies in place to keep compliant. Here are a few tips:
1. Stay in Good Standing - You need a Certificate of Good Standing. Otherwise you can’t legally do business in most states. This is a certification that is issued by your state and requires your business to be registered as a legal entity, be current on tax filings, and meet other benchmarks or be suspended from doing business in that state.
2. Be Aware of Any Laws that Govern Your Business - These days, the regulations and laws are always changing. Business in 2021 moves fast, so staying up on the latest regulations will help your business maintain good health and go a long way toward putting you in a position to maintain compliance.
3. Keep Your Contacts Updated - It’s important to keep your business contacts list up to date. This strategy helps by having contacts on hand so that you can handle important issues that might arise.
4. Follow Best Practices - Compliant companies understand the best ways to stay that way. Typically, by following best practices, your business can maintain compliance more effectively.
If you need help staying compliant or understanding how to, give the IT professionals at Jackson Thornton Technologies a call today at 334-834-7660.