by Doug Kreitzberg | May 12, 2020 | ransomware, small business
In October, the FBI warned that ransomware attacks are becoming “more targeted, sophisticated, and costly.” Now, a new survey shows that small business are baring the brunt of these attacks, with 46% reporting that they have been targeted.
Ransomware is a form of cyber attack in which the attacker steals or encrypts the victim’s data and demands payment in order to regain access to that data. The new survey highlights two issues that small businesses in particular at a high risk for further attacks and even irreparable data loss.
1. No Data Protection in Place
Perhaps the most troubling trend the survey found is that 20% of small business do not have data protection systems in place. Using solutions such as data backup or disaster recover tools are essential for a variety of potential issues, but especially for ransomware. According to Russell P. Reeder, the CEO of the company behind survey, “every modern company depends on data and operational uptime for its very survival…Data protection and operational uptime have never been more important than during the unprecedented times we are currently facing.”
With a strong backup system that is tested regularly, small businesses faced with a ransomware attack are in better position to recover their data without succumbing to the demands of the attackers. Without proper data protection systems in place, however, businesses are left in the hands of the bad guy, with no other means to recover their data. And the truth is, the more small businesses that leave themselves unprotected, the more they will be targeted. Ransomware attackers are looking for easy money, and are therefore far more likely to target those who leave themselves the most vulnerable.
2. To Pay or Not to Pay
The survey also found that a whooping 73% of small businesses targeted by ransomware opted to pay the ransom in order to get their data back. One reason for this is that, if a business does not have proper data protection in place, the cost to restore data may end up being more costly than simply paying the bad guys. However, this solution is misguided on a number of fronts.
First of all, there is no guarantee that paying the ransom will result in regaining all or even any of the data stolen. The survey found that 17% of those who paid the ransom did not recover all of their data. Secondly, paying the ransom is a short-term solution to a long-term problem. Paying the ransom signals to attackers that they can squeeze money out of that business in the future. Reporting by ProPublica also found ransomware payments were substantially lower than they are now, and that the number of businesses willing to cough up the dough has led to an increase in the price of the ransom.
Prevent and Defend
In order to defend against ransomware attacks, small businesses should first and foremost ensure they have strong data protection solutions in place. However, this is only one piece of the puzzle. Taking measures such as awareness training can help prevent these attacks in the first place. Ransomware attackers often gain access to systems through malware installed via phishing campaigns. If you and your staff are properly trained to spot deceptive practices, you already have a leg up on the bad guys. Attackers also hope that their victims will panic and make rash decisions. There is no question that falling victim to ransomware is scary stuff, but taking a few breaths, reviewing your options, and responding rationally might help keep your money and data in your hands and prevent further attacks from taking place in the future.
by Doug Kreitzberg | May 11, 2020 | Human Factor, social engineering
“How prone to doubt, how cautious are the wise!”
― Homer
We’ve written before about how hackers and online scammers rely on human factors just as much as technological factors. They attempt to manipulate our emotions in order to trick us into handing over information or even money. However, the problem of social engineering goes beyond these tactics used by scammers. We’ve all experienced the anxious rush to check our notifications as soon as they come in. But these aren’t just simple habits we’ve developed — our phones, and especially notifications, are literally re-wiring how our brains work and even dulling our critical thinking skills.
Ever heard of Pavlov’s dog? It was an experiment conducted by the physiologist Ivan Pavlov in which he rang a bell when presenting food to a dog. Upon seeing the food, the dog naturally began to salivate. After awhile, however, Pavlov rang the bell without giving the dog any food and found that the dog began to salivate based on the sound of the bell alone, effectively re-wiring how the dog’s brain responds to certain sounds. Well, this type of conditioned response is also exactly what our phone notifications are doing to us. The ping we hear when a text or email pops up on our phone acts as a trigger for our brain to release pleasure-seeking chemicals such as dopamine. According to behavioral psychologist Susan Weinschenk, this sets us on an endless dopamine loop: “Dopamine starts you seeking, then you get rewarded for the seeking, which makes you seek more. It becomes harder and harder to stop looking at email, stop texting, or stop checking your cell phone to see if you have a message or a new text.”
However, the way that notifications re-wire our brains goes beyond the endless search for more and more messages. The pleasure-seeking response that dopamine triggers can actually lower our ability to think critically, making us more susceptible to online scams. According to research conducted by The University of Florida and Google, the cognitive effects notifications have on us can lower our decision-making ability. The research found that we are more likely to detect a scam when we are stressed and on high alert. However, hormones like dopamine that are pleasure-based lower our level of alertness and make us less likely to detect potential scams. This is especially troublesome when it comes to phishing emails. Emails notifications release these “feeling good” chemicals which in turn makes it harder for us to discern if what we’re looking at is a fake.
There are, however, some steps we can take to combat this. If notifications are re-wiring our brains to be less alert, one step we can take is to simply turn off all notifications. This can limit the dopamine release that notifications trigger. Taking a few breaths before opening an email also helps. Pausing before responding to a notification can help break the “dopamine loop” by delaying the gratification cycle. Whatever method works best is up to you. The important thing is to be aware of how you respond to things like notifications. Taking the extra few seconds to think about what you’re doing and why might just save you from falling for a phish or other online scams.
by Doug Kreitzberg | May 7, 2020 | Coronavirus, Social Media
The dangers of online disinformation is by now common knowledge, but that hasn’t seemed to stop its spread. The current COVID-19 crisis has highlighted both the pervasiveness of disinformation and the danger it poses to society. We are in a situation where we need to rely on information for our health and safety. Yet, when accurate and false information sit side-by-side online, it is extremely difficult to know what to trust. The Director-General of the World Health Organization recognized this problem as early as February when he said that, alongside the pandemic, we are also fighting an “infodemic.” From articles, videos, and tweets discounting the severity of the virus to full-blown conspiracy theories, COVID-19 disinformation is everywhere.
Despite the steps social media sites have taken to combat disinformation about COVID-19, an Oxford study found that 88% of all false or misleading information about the coronavirus appear on social media sites. Another report found that, out of over 49 million tweets about the virus, nearly 38% contained misleading or manipulated content. The reason is largely because social media sites like Twitter and Facebook are trying to put a Band-Aid on a systemic issue. “They’ve built this whole ecosystem that is all about engagement, allows viral spread, and hasn’t ever put any currency on accuracy,” said Carl Bergstrom, a Professor at the University of Washington. Simply put, the root of disinformation is not just based on the content being shared, but also on the deep-seated practices used by social media to keep users engaged.
How Social Media Platforms Can Fix This
A new report by The German Marshall Fund takes the problem of disinformation head on and outlines what social media platforms can do to combat the problem and foster reliable and accurate reporting. Here are just a few of the steps the report recommends:
Design With “Light Patterns”
Websites and social media platforms often use “dark pattern” interfaces and defaults to manipulate users and hide information about how the site operates. Light pattern design, therefore, involves transparency about how the site operates. This involves using defaults that favor transparence, and even using labeling to shows the source of information, whether the account posting the content is verified or not, and even if audio and visual content has been altered.
Consistent Enforcement of Terms of Use
While all social media platforms have in-depth rules for user activity, these terms are generally inconsistently applied and enforced. By setting a transparent standard and consistently enforcing that standard, social media platforms can more successfully combat disinformation and other toxic online activity.
Independent Accountability
Instead of using government policy to regulate content, the U.S. should set up a technology-neutral agency to hold platforms accountable for a code of conduct focused on practices such as light pattern designs. By focusing on overseeing positive platform practices, the government can avoid having a hand in decisions about what content is “good” or “bad.”
What You Can Do Now
However helpful these changes to social media platforms are, the truth is we aren’t there yet. Fake and fiction stand side by side online, with no immediate way to discern which is which. When taking in information, it is up to you to figure out what is reputable and what is inaccurate. With the large amount of COVID-19 disinformation swarming the internet, its more important than ever to use our critical skills in two specific ways.
Be Self-Critical
Our personal world views, biases, and emotions shape how we take in information. When looking at content online, it’s important to think about your own motivations for believing something to be true or not. Ask yourself why you think something is true or false. Is it largely because you want to believe it or disbelieve it? When we read something online that makes us angry, there is something satisfying about sharing that anger with others. Before sharing content, ask whether your desire to share it is an emotional response or because the information is accurate and important. If it’s predominately coming from your emotions, reconsider if it’s worth sharing.
Be Critical of All Content
In general, we should initially read everything with a degree of skepticism. Doubt everything and be your own fact checker. Look at other websites reporting the same information. Are any of them reliable? Are they all citing the same sources, and, if so, is that source reputable? Don’t share an article based solely on the headline. Read the full article to understand if the headline is based on fact or is just speculation. Look at what sort of language the article is using. Is it largely opinion based? Does it cite reputable sources? Is it written in a way that is meant to evoke an emotional response?
Months into the COVID-19 pandemic, we understand how our in-person interactions can have a negative impact on ourselves and those around us, but it’s important to also understand how our interactions online can lead to similar outcomes. Given the stupefying amount of disinformation about the coronavirus circulating online, it’s more important now than ever to be think critically about what information you’re consuming and be aware about what you say and share online.
