There are many forms of hacking, and a misconception of most standard IT users is that once a system is compromised it is immediately apparent. It’s easy to come to this conclusion because often a virus successfully infects a system, it reduces the performance of a computer to a mere shadow of itself and a prompt support ticket is raised with IT, the PC is whisked away to a workshop to be cleansed and that’s often all the end-users are aware of.
The scarier lesser observed truth is viruses, hacks, hackers presence in systems and considerable holes in security are present for days, weeks, often months before the moment of attack, and in the last few months, this has been accelerated exponentially thanks to how quickly the world is moving to accept working from home/remote working. Opening firewalls up for remote working, configuring VPN connections, establishing connections from remote sites using third party software in less than ideal test environments then pressure from higher-ups requiring access be opened up to allow for business to continue to function leaves corners cut and systems exposed.
Far more damage can be done if a virus is given time to analyse its reach and access potential. What’s the benefit of infecting one machine, being discovered and being removed from the system if instead, hackers bide their time, feel around a bit and see how much damage they could do. This is often how planned attacks pan out. Once a security flaw is exploited, maximum disruption is planned before actual disruptive action is taken.
In most cases, in your typical small business environment, this is quite a fast process as the virus delivery system will be able to spread in a matter of seconds, infecting as it moves through your systems. But what about multi-site multi-million pound IT infrastructures. Like Hospitals. Two hospitals in the Czech Republic were hit in March 2020, reporting repeat attacks a day later and intervention of the US State Department threatened consequences if attacks continued. Microsoft’s recent research and studies find that ransomware attackers are targeting the worlds health care systems, stretching them to their limits.
Not every business has the US State Department to defend it, and it’s only a matter of time until these complex attacks are more common knowledge for the hacking community, eventually, an individual will be able to orchestrate these attacks rather than groups of malicious intellectuals, and this is typically when we see ransomware become a commodity on the dark web.
Some hacker groups are pledging to leave hospitals alone during the coronavirus crisis. Which on the surface seems ethical, doesn’t change the fact that hacking isn’t going away any time soon. And with the COVID pandemic catapulting business globally 5+ years into the future, many aren’t prepared from a Cybersecurity perspective. Protecting your business will always be well a worthwhile investment but has never been as important as it is now.