Tale from the Dark Side

Tale from the Dark Side

Penumbrous forces wait to feed on your calamity

  • By Ronnie Rittenberry
  • Oct 01, 2011

In this autumnal month of witchery, trickery, and general tom-ghoulery, there comes a Halloween-worthy tale disturbing enough to haunt the mind of any business owner or information technology professional. It’s a curdling tale of innocence, ignorance or naivete (you be the judge) damned by unseen yet palpable presences—veritable shadow figures lurking and preying like ghosts in the machine.

As is often the case with such tales, this one’s all the more harrowing because it’s true. Or so says Stu Sjouwerman, founder and CEO of KnowBe4, a firm that specializes in Internet security awareness training, especially for smallto medium-size enterprises.

According to Sjouwerman, the unfortunate series of events began on a day much like any other at a small company that provides a subscription service to a specialized database. The company’s network consisted of 20 workstations, an SQL server, an exchange server and a dedicated website server, all linked together by a broadband connection. Normal enough for a smallish business, right? Hold that thought. This is where the story gets weird.

The company did not have a trained IT team—rather, it had one person serving part-time in an administrative role handling IT issues. This unlucky soul was going about his day, taking care of business, when he noticed something that made his spine verily tingle: For no apparent reason, the company’s webserver suddenly started experiencing much higher levels of traffic from countries where it did not even conduct business.

His flesh creeping, the part-time administrator suspected cybercriminals had broken into the company’s network. And, unfortunately, he was right.

All Tricks, No Treats

Sjouwerman says that, upon investigating the situation, it was discovered that one of the workstations had become infected with Zeus malware after an employee clicked on a link in a phishing e-mail. All the company’s servers and a number of workstations were compromised, giving cybercriminals full access to the network. The company’s logs revealed that the webserver was being used to host an illegal music download service, and also that mischievous miscreants had installed hidden rootkits.

The disinfection of the company’s network required a frightful amount of time and expense. Sjouwerman says in a press release recounting the eerie episode that his company spent 110 billable hours correcting the problems associated with the network breach, including:

  • 10 hours to select, order, configure and install a quality firewall;
  • 20 hours to build a new webserver, upload digital backups and bring it “nearline”;
  • 25 hours to scan all servers and workstations with several anti-malware tools to locate rootkits;
  • 15 hours to wipe and rebuild Windows on all workstations to ensure removal of all rootkits;
  • 10 hours to install anti-malware software on all servers and workstations;
  • 10 hours to bring the new webserver online and debug the initial problems; and
  • 20 hours to repair things that broke during the rebuild, install drivers, bring printers back online, and so forth.

At the standard rate of $90 per hour, the total cost for the technical-service cleanup was $9,900, according to Sjouwerman. On top of that, the breached company incurred loss of both revenue and productivity during the repair and rebuild: its webserver was offline for an entire day, resulting in approximately $6,600 in lost revenue; and all of the company’s 20 employees lost at least one workday during the rebuild, at an average cost of $120 per person per day, resulting in a combined productivity loss of about $2,400. Between the outside consultant fees, lost revenue and lost productivity, this single network breach cost the company a total of $18,900. All for that one horrific click!

Grave Consequences

“Many small and medium enterprises think they’re adequately protected against security threats because they have antivirus software, but the reality is that cybercriminals can bypass that software by tricking an employee into clicking a link in a phishing e-mail,” Sjouwerman says. “Most business owners have no idea of the time and cost involved in disinfecting a workstation, let alone an entire network. [The breached company] paid nearly $20,000 to undo the damage caused by one employee’s unwitting click. Those costs would have been exponentially higher for a midsize company with a larger network. And just think how much a business stands to lose when cybercriminals use their network access to capture login information and passwords for bank accounts and other financial transactions. That’s when losses rapidly escalate into six figures.”

Sjouwerman points out that the moral to this haunted mouse tale is that such escalations need not occur.

“Our research has shown that training can reduce employees’ susceptibility to phishing attacks by 75 percent after the very first session,” he says, “and that subsequent testing and retraining can shrink the percentage to close to zero in a matter of weeks. . . . It pays to invest in cybercrime prevention training.”

Sjouwerman adds that, thanks to a free phishing security test on KnowBe4’s website, the initial part of such an investment costs nothing more than a bit of time. He encourages owners of small- and medium-size businesses to take advantage of the test (at www.knowbe4.com/phishing-securitytest/) to learn how many of their employees are Phish-prone™, or susceptible to phishing attacks. The module takes only a few minutes to complete and might well help avoid a nightmarish situation later.

This article originally appeared in the October 2011 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events

  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.