On July 23rd, Garmin fell victim to a cybercriminal attack. A lot of the specific details of the attack are not confirmed. It is believed that the Russian cybercriminal group, Evil Corp, attacked Garmin with WasteLocker ransomware, encrypting their files and demanding 10 million crypto release them. Beyond the ransom, Garmin lost millions more paying employees who couldn’t work..
Fortune 500 companies rarely fall victim to these types of attacks, and now that these Cybercriminals were successful, others will be encouraged. In this post, we will take a closer look at what exactly went wrong for Garmin and how to avoid a similar mistake.
Though Garmin has not officially identified the hack’s source, we know that ransomware is often downloaded via a phishing email or through drive-by downloading. Inadequate firewall, end-point protection, and lackadaisical cybersecurity practices exposed Garmin to the criminals. Adequate cybersecurity protocols and equipment would have cost the company less than 10% of what they ended up losing. We can help you avoid the same mistake, give us a call today.
Phishing: Cybercriminals will target individuals and contact them by email, phone, or text message, usually posing as a legitimate institution. They then will try to lure the target into giving up sensitive information or clicking on or downloading a malicious link or file.
Drive-by downloading: Drive-by downloading occurs when a user visits an infected website, and then the malware is downloaded and installed, typically without the user’s knowledge.
How To Avoid A Ransomware Attack
Ransomware attacks can be costly, but more importantly, they can ruin your reputation and your relationship with your clients. If you aren’t already working with an IT professional to secure your companies data, please reach out to us today. We can help keep your company out of the next cyber hack headline. In the meantime, we have compiled 5 tips to avoid a ransomware attack.
1. Back up your data regularly
Backing up your data to a non-connected environment allows you to have a copy of all your necessary information that won’t be affected by the day to day activity on your leading network.
2. File Access Management
If an employee doesn’t need access to specific files or information, don’t give it to them. This helps reduce the amount of damage if someone from your organization is hacked.
3. Monitor your Network Activity
There are multiple tools that can help monitor your network activity and will alert you to potential risks.
4. Remote Working Security Protocols
Remote work can create loopholes in your cybersecurity. Accessing company data from a personal device or home network can put your information at risk. Having detailed protocols for how to access company information from home securely is vital.
5. Employee Cybersecurity Training
Phishing and drive-by downloading are both attacks that require the participation of the victim. Training your employees to recognize and avoid these attacks can go a long way towards securing your information. Additionally, if your employees work from home, encourage them to share this training with their families. Read more about why this is important in our last blog: The Newest Cybersecurity Threat: Your Employee’s Kids