What Can We Learn From the Garmin Ransomware Attack?

What Can We Learn From the Garmin Ransomware Attack?
Published on

Famous ransomware attacks teach us certain lessons to follow while ensuring cybersecurity.

A few days ago, Quanta Computers Inc., a primary supplier of computers and Macbooks to Apple, acknowledged being dealing with a ransomware attack. A Bloomberg report revealed that a ransomware group REvil is behind the attack and they published a blog on its dark website on the same. This attack was reportedly an attempt to extract ransom from Apple and Quanta immediately upgraded its cybersecurity strategy.

This is just an example of recent ransomware attacks. Since data is considered the currency today, it becomes easier for the attackers to get hold of it and threaten companies. The higher vulnerability of data on certain platforms enables these kinds of cyberattacks. A similar infamous incident took the internet by storm in July last year, the Garmin ransomware attack. Garmin is a global tech company and is a key player in GPS navigation and wearables technology. The tech giant fell victim to a scandalous ransomware attack that was said to be initiated by EvilCorp, a Russian cybercrime gang. The attack was enabled through "WastedLocker" ransomware and it forced Garmin to shut down its website used by users to sync data, and other GPS-powered business operations. Various reports stated that the company paid a huge ransom to obtain an encryption key to restore the data. This huge cybersecurity breach enlightened many business systems and projected the importance of having better security in place. There are many lessons that the Garmin ransomware attack teaches us.

  • Holistic Cybersecurity

By just being compliant, it is not necessary that a business can save itself from cyberattacks. A holistic approach to cyberattacks and a better cybersecurity strategy is what businesses need in the current scenario. Every company needs to have an Incident Response plan that details how it will respond to threats and immediate crises. Integrating cybersecurity to enterprise risk management, developing strong IT asset management, and a robust incident response approach will enhance security. Faster breach and cyber threat detection, better response, effective reconstruction of security, etc., are the results of such a complete approach.

  • Size Does Not Matter

It is not necessary that these ransomware attacks only happen to bigger or smaller organizations. Cyberattacks are not limited to the size of a business and they can threaten any organization. No organization is actually immune and safe from these ransomware attacks. When companies are exposed to vulnerabilities, loopholes in security, and issues in systems, they are targeted by attackers irrespective of the industry, size, and geographical boundaries. Even universities fall prey to ransomware and other cybersecurity breaches. Recently, the South and City College in Birmingham announced that they were targeted by a ransomware attack that affected many core IT systems of the institution.

  • Attackers are Smart

Yes, these attacks do not happen out of the blue. Findings say they are perfectly timed and tactical. The Garmin cyberattack was targeted just before they announced their quarterly earnings according to reports and smartly placed the attack which did not allow the company to recover faster. They knew that Garmin was a well-established company consisting of sensitive data and would not be ready to compromise it at any cost. A similar scenario worked out in the Quanta Computing case where the attacker targeted it at the right time when Apple announced its new range of products.

  • Attacking Customer Operations Can be Fatal

When ransomware attacks affect customer operations, it becomes more effective. In the case of Garmin, their user interface Garmin Connect was terribly hacked. The business completely went offline for more than three days and that sounds like a great loss. These synced websites also had a lot of customer data and the company could not send them away. Attackers knew how to make the company helpless by targeting its strong point. Businesses should be more aware to maintain good security measures in their user-friendly platforms and save sensitive user data from breaches.

  • Defense is the Only Remedy

Many reports state how Garmin was not vocal about how the ransomware entered the company's systems. The incident clearly showed how the company was not ready to deal with such an attack and they got entangled in resolving the issue, saving their business, and shutting down their sites. Safeguarding networks, upgrading cybersecurity strategies, continuous data backups, encouraging patch management programs, regular scanning of internal and external networks, proper encryption, and authentication in place are all a company can consider while preparing itself to fight cyberattacks. It is also imperative to make the employees aware of such situations and train them on how to handle them.

Apart from these lessons, it is important to decide whether to pay the ransom or not. Experts have an opinion that paying ransom will make your company an easy target for future attacks and also the business might end up indirectly funding these threat actors. Well, to avoid such confusion, the only possible way is to ensure maximum security and encourage discussions on cybersecurity, data vulnerability, and security loopholes in your business. Using state-of-the-art technologies like AI, blockchain, etc., can also strengthen the cybersecurity walls to more platforms like cloud and IoT that are more vulnerable these days.

Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp

                                                                                                       _____________                                             

Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.

Related Stories

No stories found.
logo
Analytics Insight
www.analyticsinsight.net