Worcester Business Journal

16 Worcester Business Journal | December 12, 2022 | wbjournal.com C Y B E R S E C U R I T Y FOCUS BY LIVIA GERSHON Special to WBJ A lawyer was working late one night when he saw a colleague's computer suddenly turn on. Files flashed up on the screen as though someone were at the empty desk searching through the firm's documents and data. Michelle Drolet, CEO of Framing- ham-based cybersecurity company Tow- erwall Inc., said the company was one of a number of small law firms hit by a type of phishing scam. e perpetrators had claimed to be part of a managed service provider and convinced an employee to provide a password and download soware onto the computer. "In this case, they sat there dormant until the nighttime, and then they start- ed to find a lot of stuff," Drolet said. Cyberattacks like this are part of a growing trend, Drolet and others from the industry in Central Massachusetts said. ey pointed to a number of trends leading to increased cybercrime, making small companies especially vulnerable. "Oen, small under-resourced firms that don't have IT departments don't devote a lot of attention to this," said Stephanie Helm, director of the MassCy- berCenter at the MassTech Collaborative in Westborough. "A lot of them just don't view this as a threat to them 'Because I'm small potatoes.'" But Helm said it's becoming easier for bad actors to find vulnerable targets in an almost automated fashion. For exam- ple, bots can scour Microso Exchange email servers, looking for users who had failed to patch their systems aer a vulnerability was discovered. "It's not personal," Helm said. "at bot doesn't know who you are. ey just know you're an easy target." More sophisticated attacks One way cybercriminals can exploit a company once they're inside the system is ransomware. is technique has become more sophisticated over time, Helm said. A few years ago, criminals would simply freeze a company's data and make it pay to get it back. Compa- nies could protect themselves against this threat simply by keeping every- thing securely backed up. But today, hackers are more likely to spend time learning about the company's operation and seeking out sensitive information like customer data they can threaten to sell on the dark web if a company doesn't pay up. "ey have gotten very organized, and they have become like corporations of bad guys," Helm said. "ey've got parts of the company that specialize in establishing access to networks, parts that are really good at negotiations. Some specialize in healthcare organiza- tions, some in financial organizations. ey've got guys that specialize in moving the money aer they get paid so that nobody finds out and traces it back to them." In some cases, she said, the criminals are operating in countries that can't or won't stop them, or even nations like North Korea where the government may view cybercrime as a useful revenue stream. e threat has gotten much more se- rious, with typical ransoms rising from around $1,000 to more than $1 million, Drolet said. And, just as significantly, companies may have to pause opera- tions while they deal with the frozen data, potentially harming their customer relationships and reputation. Cyber threats growing Even small firms face dangers, as Central Mass. experts urge ways to avoid disaster Stephanie Helm, director of MassCy- berCenter Michelle Drolet, CEO of Towerwall, advises companies keep their cybersecurity up to date and train their workers to prevent cyber-crimes. PHOTO/ADOBE STOCK

• Cover