TSTC Cybersecurity instructor on ransomware attacks: Bring backup
(ROSENBERG, Texas) – In our increasingly connected world, headline-grabbing cyberattacks are becoming more frequent — especially when they wreak havoc on things like the supply chain, paychecks and access to online services.
One type of attack in particular has caused headaches worldwide.
“Of cyberattacks, ransomware is probably the nastiest of them all,” said Texas State Technical College Cybersecurity instructor Alan Sulak.
The way this attack works is right in its name: ransom. Employees of a company may receive an official-looking email that contains a link — a phishing attack. When they click the link, it releases a virus that encrypts every piece of data it can find. The only person with the password to access the data again is the criminal who sent the attack, and they expect payment.
At this point, victims should call the FBI. The experts there might have a solution, particularly if the virus is old.
However, Sulak shared a chilling piece of advice that he received in a cybersecurity-focused meeting with the FBI.
“They said, ‘The one thing we guarantee you is that every day you wake up, you have a new enemy,’” he recalled. “Every day, somebody’s creating something new that will potentially get us.”
Prevention is the best approach to dealing with cyberattacks like ransomware.
“(Ransomware) is ruthless,” Sulak said. “Protect from it by backing up your data.”
If the attack cannot be solved through professional intervention and the ransom cannot be paid, restoring lost data from backups could be the only way to restore access.
That is why it is so important to utilize a trustworthy company or software for this task — and to check that the backups are functional.
“For every company that does backups, probably only 30% of the backups work,” Sulak warned.
Another key preventive measure is education. People should never click on links from senders they do not know. They should be wary of all links they receive through email regardless, especially since criminals can pose as someone on their contact list.
The same advice goes for spam phone calls. Sometimes it is best not to answer a call from an unrecognized number in the first place.
The resources for protecting against ransomware and other cyberattacks include qualified cybersecurity professionals — who Sulak and his fellow TSTC Cybersecurity instructors are training their students to become.
An essential skill that TSTC Cybersecurity students learn as they earn their degrees is how to write a cybersecurity plan that includes a company’s risk analysis.
“Analyze how much money you could lose if you lost everything,” Sulak said, describing the process of the risk analysis. “What does that mean to your company financially? Maybe the loss is infinite — many companies fold. Or maybe you know it’s a million dollars you might lose, and customers — or worse.”
The analysis then recommends an investment of a portion of that amount into protective measures, which can be a daunting proposal. The proper equipment to head off a ransomware attack before it starts — or isolate infected equipment before the virus infiltrates everything — and the trained professionals to operate it can come at an eye-watering cost to CEOs of midsize companies.
But the potential loss could be much greater.
TSTC offers an Associate of Applied Science degree in Cybersecurity, an advanced technical certificate of completion in Digital Forensics Specialist and an occupational skills award in Basic Cybersecurity. All are offered online.
The program is also part of TSTC’s Performance-Based Education, a self-directed approach to the mastery of industry skills and competencies.
In Texas, information security engineers can earn an average annual salary of $89,750, according to the U.S. Bureau of Labor Statistics. Onetonline.org forecasts a bright outlook and 20% projected future growth of these positions by 2028.
Enrollment for the spring semester at TSTC is underway. For more information, visit tstc.edu.
