News

Sophisticated criminal groups around the world are responsible for ransomware attacks that occur with increasing frequency. Here’s how to protect your company’s data.

By: Brad Randall, Broadband Communities

Hackers, like the ones behind a recent ransomware attack on Frontier Communications, are sophisticated criminal groups operating overseas, according to Jason Malmquist, an executive VP and head of software and IT business services at CHR Solutions.

Malmquist said internet service providers (ISPs), especially smaller ones, need to take the necessary steps to protect themselves or risk repeating Frontier’s misfortune.

“This is not somebody in a basement like you think,” Malmquist said during a recent conversation with Broadband Communities. “They are well organized. This is their job. It’s a billion-dollar industry.”

The ransomware attack on Frontier, which occurred this April, allegedly impacted over 750,000 customers, compromising data like social security numbers, phone numbers, and birthdates, according to a filing by Frontier with the Office of the Maine Attorney General.

A notification provided to customers by Frontier following the incident described the breach as an “unauthorized access to some of our internal IT systems” that was detected on Sunday, April 14.

Malmquist said hackers frequently select Sundays to strike, along with holidays, because employees at ISPs will be out of the office. Then, when hackers gain access to critical information, Malmquist said they’ll begin “outbouding” the information to overseas servers.

“There are actually, believe it or not, cloud data centers that rent out time to these types of hackers,” he said. “It’s a disgusting scenario. It’s a reality that happens.”

Hackers enter through doors left open in the security structure of organizations, but there are things providers can do to protect themselves, Malmquist said.

When it comes to paying ransoms, Malmquist said he understands that there are companies that are sometimes left without a choice, but he advised against paying ransoms.

“How do you trust someone that would do this to you and destroy your life, destroy your career, and destroy your company?” he asked. “How do you trust that they’re not going to do something bad anyway?”

Steps to protect your company against ransomware …

“Number one, you should have a private network,” he said.

Malmquist said providers have to think beyond the external networks they run and consider the security of their internal IT network.

“Does anybody stop and think about the internal IT, and the (customer sales rep) that works from home, or maybe goes on vacation to Cabo St. Lucis for the weekend but still takes a few calls and is logged in. Are they secure?”

According to Malmquist, the first providers should do, if they haven’t done so already, is set up multifactor authentication.

“It is the single most important thing to give a private network,” he said.

Endpoint detection is also a critical element of internal network security, Malmquist said. He said endpoint detection can register which devices are operating as open doors to a network by identifying what types of devices are requesting access, using AI to investigate patterns.

Similarly, encrypting data can be a key element of network security, according to Malmquist. Encrypting data via software can ensure that even if data is extracted by hackers, the impacts are minimal, Malmquist said.

And lastly, Malmquist advised being prepared for the event that something happens.

“What’s your plan? Do you have cyberinsurance that will bring in an incident response team?” Malmquist asked. “Are you ready?”

To get content like this delivered to your inbox, subscribe to the Broadband Communities newsletter.