Monday, March 30, 2015

When you have a Cyber attack.. Who are you going to call?



It is not if. It is when. When you have a cyber attack, do you have a plan? If you're a small business, you probably have not even thought of it. Your network suddenly grinds to a halt (Denial of Service attack). How do you handle that? Who do you call? Is it bad enough that you call the authorities? (Believe me, they do want to know.) Do you have a qualified person on your speed dial that you know can come in to mitigate it? How about a major virus attack? My guess is no, because there are not a lot of qualified individuals in the marketplace.

I have been called in after an attack has happened and someone tried to fix it. Forensically it was much more difficult than if I had been first on site. I am finding more and more these days that I am usually cleaning up a virus that is half gone. If your professional does not understand that you have to eradicate these things completely, then you are still vulnerable. This is why I put tools in place to see what traffic is going across that network and where it is coming from. I can pinpoint issues pretty fast, but that comes from a lot of experience.

Gone are the days when you could run a little bit of Malwarebytes and just think that everything is clean on the machine. Things are much more complicated than that. Your run-of-the-mill "IT PERSON" is getting outgunned these days. So where does a business get help?

My answer is that really good security professionals available to small businesses are few and far between. Most are sucked up immediately in the market by large companies. The smaller IT shops have so many other things going on just keeping businesses running these days.

So where is that threshold? How do you recognize when to call the authorities? I have called my friends at the FBI on several occasions when a client calls and there is an active attack going on, but the general public probably would not have such great luck with it. So here are my quick and very high-level guidelines.

If you are getting a Denial of Service attack (basically so much traffic hits your network from a virus that you can't use it), certainly call local authorities. They may, and probably will, refer you to someone like IC3 (www.ic3.gov), which is frankly where I would start. They can and will help you.

If it is some type of fraud or you think data is stolen, then call the FBI. You should have a local field office somewhere near you. You can find one by going to (www.FBI.gov).

Don't be afraid to call anyone. I think one of the big mistakes is that businesses just deal with the problem. If it isn't reported, then the authorities cannot get a good picture of what really is going on. I personally have a portal I go to where I report any type of malicious behavior.


The more we can let the right people know how many attacks, of what type and when, the better we can defend ourselves. It's getting tougher each day, so call someone. If it is an IT person, try to find one with a certification. If not, get anyone you can to at least try to knock it down. We have to do this together!!

Monday, March 23, 2015

Security by Obscurity


Businesses all over the nation go through each day with security in the back of their mind. WAY back in their mind because they think it will never happen to them. They remain out of the spotlight. They are not a Target or Home Depot. They may have 10, 20 or even 100 employees and think "why would anyone want my information?"

The fact is that the bad guys are figuring out quickly that small businesses lack even basic security practices. Not patching a system makes it easy even for the not-so-proficient hacker to get into a system. I deal with a lot of small businesses. In most, but not all, cases, convincing them to take some precautions like putting in a good router, patching systems and even changing passwords is not very difficult. There are a few that will not listen.

I know of a recent case. A company refused to patch and put some simple security procedures in place. They were an escrow company. HUH??? So they are wiring millions of dollars all over the place but securing the network, not such a big deal because they were small enough that nobody would even bother with them and they barely had a web site so they were hidden.

Um... news for you. The bad guys scan the Internet every day for servers out there and can do that very easily courtesy of tools developed by a University (I am not saying which). The tool goes out every week and scans the entire Internet to find every server out there and what software it runs, and with the addition of some other tools can tell you what ports (doors) are open and even what flawed software they are running. A little research. A little social engineering and bingo.

A few days later their accountant is trying to pay some bills. Errors. It keeps saying there is a login error to their bank account. Once they finally reset the password (the hackers reset it, that's why they could not get in) they find that $100,000s of dollars were sent to Russia and even more to China. Some of the money was recovered... but I cannot say the same thing for the company itself. They don't exist. They were not big. They didn't do a ton of business like a Target. They didn't bother paying a professional a few thousand dollars to harden the defenses. Instead, they thought they were invisible.

Well, they are now!! The thing is that frankly nothing is bulletproof. Just like I can't keep someone from getting into my house if they really want to get into my house, but I sure am going to put a bunch of roadblocks in their way. The longer any bad guy spends trying to get in, the more chance there is he will give up. That is reality. I cannot protect any business 100%.

As I say to my clients and anyone who asks: at least lock the door. By not patching (patching is the updates that Microsoft diligently puts out every 2nd Tuesday of every month to fix all of the holes they find) or putting some better equipment in, you might as well hang a sign on the door saying "Come on in. Have a look around. Take what you like. I will never know you were here."

Hopefully as I write this some businesses will at least consider looking at things, but if you don't know where to start, Google it. Otherwise call a qualified security professional. I have seen a lot of bad security practices, folks. (More on that later.) Do something. It is better than nothing..!!