The Garmin Hack: Lessons Learned

On July 23rd, Garmin fell victim to a cybercriminal attack. A lot of the specific details of the attack are not confirmed. It is believed that the Russian cybercriminal group, Evil Corp, attacked Garmin with WasteLocker ransomware, encrypting their files and demanding 10 million crypto release them. Beyond the ransom, Garmin lost millions more paying employees who couldn’t work..  

Fortune 500 companies rarely fall victim to these types of attacks, and now that these Cybercriminals were successful, others will be encouraged. In this post, we will take a closer look at what exactly went wrong for Garmin and how to avoid a similar mistake. 

The Culprit

Though Garmin has not officially identified the hack’s source, we know that ransomware is often downloaded via a phishing email or through drive-by downloading. Inadequate firewall, end-point protection, and lackadaisical cybersecurity practices exposed Garmin to the criminals.  Adequate cybersecurity protocols and equipment would have cost the company less than 10% of what they ended up losing. We can help you avoid the same mistake, give us a call today. 

Phishing: Cybercriminals will target individuals and contact them by email, phone, or text message, usually posing as a legitimate institution. They then will try to lure the target into giving up sensitive information or clicking on or downloading a malicious link or file. 

Drive-by downloading: Drive-by downloading occurs when a user visits an infected website, and then the malware is downloaded and installed, typically without the user’s knowledge. 


How To Avoid A Ransomware Attack 

Ransomware attacks can be costly, but more importantly, they can ruin your reputation and your relationship with your clients. If you aren’t already working with an IT professional to secure your companies data, please reach out to us today. We can help keep your company out of the next cyber hack headline. In the meantime, we have compiled 5 tips to avoid a ransomware attack.

1. Back up your data regularly

Backing up your data to a non-connected environment allows you to have a copy of all your necessary information that won’t be affected by the day to day activity on your leading network.

2. File Access Management 

If an employee doesn’t need access to specific files or information, don’t give it to them. This helps reduce the amount of damage if someone from your organization is hacked. 

3. Monitor your Network Activity 

There are multiple tools that can help monitor your network activity and will alert you to potential risks.  

4. Remote Working Security Protocols

Remote work can create loopholes in your cybersecurity. Accessing company data from a personal device or home network can put your information at risk. Having detailed protocols for how to access company information from home securely is vital.

5. Employee Cybersecurity Training 

Phishing and drive-by downloading are both attacks that require the participation of the victim. Training your employees to recognize and avoid these attacks can go a long way towards securing your information. Additionally, if your employees work from home, encourage them to share this training with their families. Read more about why this is important in our last blog: The Newest Cybersecurity Threat: Your Employee’s Kids

 

Find Out How 10DTech Can Help Your Organization

Utilizing a consultative approach that takes a project from design through deployment with outstanding long term support, 10D Tech helps businesses achieve new levels of operational efficiency, rapid expansion and customer success and engagement.
The Garmin Hack: Lessons Learned
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *