The Triton

On Course: Don’t fall hostage to ransomware

On Course: by Jay Lasner

It can look legit. An email from a management company that appears genuine, from someone we may know and work with, asking that an invoice be reviewed and authorized so an actual vendor we are familiar with could get paid.
Seems harmless enough to open the email attachment, sign off on the invoice, and move on.

But four months later, a menacing skull and crossbones could splash across the computer screen, demanding payment of $1,000 in an online, anonymized currency in order to access the now-encrypted computer that has just been infected by ransomware.

Remember that innocent looking email a few months ago that looked legit?

This scenario is playing out more and more, and not a day goes by when the media doesn’t trumpet a new cyber attack. The most recent “big” one was WannaCry. That one made the news because it shut down much of the U.K.’s National Health Service.

But many more malware variants, cyber exploits and ransomware – a form of malware that holds us hostage – continue to spew from the computers of cybercriminals intent on ruining more than just our day.

The AV-TEST Institute recently registered 390,000 new malicious programs per day, 12 million new malware variants per month.

There is a distinction between malicious and non-malicious cyber risks. The key is intent. Events may be the result of deliberate malicious acts or they may be unintentional. The cybercriminal sends the malware in an email; unknowingly we open it and unintentionally infect our computer network at the office or aboard ship.

The cyber theft “industry” has matured enough to offer MaaS, Malware as a Service. Much as we all currently use legitimate cloud services such as Outlook, QuickBooks, Adobe and various email providers on the internet – all forms of SaaS, or Software as a Service – those with malice can, with no technical knowledge, run their own ransomware campaigns by simply subscribing to cloud malware services on the Dark Web.

That innocent-looking email I got a few months ago was really a spear phish – a highly targeted, carefully crafted phishing malware designed just for me. It was likely created through social engineering that used select information about me from social media, as well as information possibly from co-workers who innocently answered a few questions solicited in a phone call to the office, or other publicly available information about me.

Ever try searching your name in Google or Bing? Try it sometime.

I was fortunate enough to not open the email attachment, as legitimate as that email appeared. I was suspicious, analyzed the email’s metadata, made a quick verification phone call and confirmed that my hunch was right.

There are three foundations of any security process: people, policy and equipment. How these three elements interact determines the security outcome.

We can prepare our computers with firewalls and antivirus software. We can set up rules and regulations, things we must and must not do. But people continue to remain the weak link in the cyber security chain.

The Department of Homeland Security states: “End users of all descriptions are the weakest link and need to be made aware of phishing, password protections, identity theft and the like. They also need to be able to detect, diagnose and speak up when something doesn’t seem ‘quite right.’ ”

Security, including cyber security, begins with awareness.

All cybersecurity and risk management experts agree that education and training are critical elements in managing cyber risk. Though it can’t be eliminated, the risk can be managed. Most feel that 80 percent of the risk can be mitigated by appropriate management of people, policy and equipment.

Start by having a high degree of suspicion, not opening attachments or links in emails you weren’t expecting, and if you think it is legit but you aren’t quite sure, confirm that it is, in fact, legit first. It will help keep “Your Career On Course.”

Jay E. Lasner is chief executive officer of Bluewater Crew Training USA in Fort Lauderdale. Comments are welcome below.
