PRESS RELEASE:

Westchester Businesses and Individuals Need to Bolster Cyber Defenses Immediately 

Recent Iranian threats of retaliation have put Department of Homeland Security and other US federal and state government organizations on high alert for cyber attacks. The attacks are already on the increase and are expected to continue. “In its terrorism threat bulletin, the Department of Homeland Security noted that Iran maintains a robust cyber program and is capable, "at a minimum," of carrying out attacks that could disrupt critical infrastructure, such as the energy sector, financial institutions and government operations.” source: wjla news

NYS Department of Financial Services, in an industry press release on Jan 4 “strongly recommends that all regulated entities heighten their vigilance against cyber attacks” and “in light of the current threat, we urge all regulated entities to notify DFS of any material incidents as soon as possible…. This will enable DFS to disseminate information about new cyber attacks as quickly as possible.”

Michael Schechter, founder of Computer Experts Group, Ltd. suggests that everyone in the greater NYC area is a target--whether an individual or a small business or large multinational corporation, or someone from a local Highway Department--they are a target and all together form a network of vulnerabilities. Everyone should be on high alert and start doing their part as defensive cyber citizens geopolitical crises escalate.

"Small businesses can be a weaker link than large corporations. They often invest less in cybersecurity and employee training, making them more vulnerable to malware and ransomware. And a lot of these smaller companies are part of the supply chain to larger companies and vital infrastructure."

“When NYC is a target, Westchester citizens are part of that. Think the NYC infrastructure--internet and phone lines, electricity generation, gas supply, roads, water. And people--every one of us knows someone or is connected to someone who knows someone who works in one of these places--and is therefore a part of the network of vulnerabilities. 

As a fictitious (but plausible) example, the "malicious actor" (the Iranian Cyber Warfare entity right now) is trying to cause a big disruption to a big US financial center -- NYC. The malicious actor starts looking in Westchester towns for civil servants who work for the town. They scour social media (Facebook, Linkedin, Instagram, etc.). They find "Joe", a highway department employee from northern Westchester. In the social media sites, they find Joe is connected to Jane, who has nothing to do with Westchester, NYC, infrastructure or anything. She just knows Joe. The bad actor use a few types of phishing emails to get into Jane's personal AOL account. “Jane” then sends a holiday card to Joe. But this “holiday card” is specially designed to infect Joe's computer and/or cell phone when he opens it, and effectively gives the bad actor access to Joe's computer, and his work emails. They can sit quietly and gather intel from there. In reading all of his email (including new email), they find Joe knows Jules, who works as an engineer at Indian Point. They follow the same basic steps and try to -- and eventually, successfully -- compromise Jules' computer and phone from Joe's accounts. Since Jules has access to system controls, the bad actor now has their virtual finger on the control button.”

Computer Experts Group recommends that all entities PREP:

  • Protect: Patch all of your computer operating systems, antivirus/antimalware, 3rd party apps, phones, networking equipment, etc. are up to date with the latest manufacturer's patches, updates and upgrades. Harden defenses, and secure all services you use with MFA (multi-factor authentication).
  • Respond: Iranian hackers tend to prefer to attack over the weekends and at night, because they know that is when you're less likely to be vigilant. Let your IT teams know that you want increased monitoring. Let your business associates, families and friends know to call you to verify any odd communications or requests. 
  • Educate: The easiest way for a bad actor to get access to your company is through emailed phishing campaigns or some other way to get an uneducated user to click on something and run it. Educating your staff on computer threats and the value of protecting your business assets is inexpensive and easy. 
  • Plan: It's good practice to manage your business risk by planning on what to do if something does happen. This goes for physical threats like storms and power outages as well as cyber threats. 

 

Michael Schechter, founder of Computer Experts Group, Ltd. is a cybersecurity specialist that provides IT services and cybersecurity infrastructure to Westchester financial services companies.  

Contact Michael: 914-644-6471 || Website || LinkedIn ||

Available for media interviews

________________________

Announcement:  Digital Defense Webinars For Westchester Businesses, January 21 and 28. SIGN UP