NYC Metro Transit Authority Hacked:  Cyberattacks on the Rise 

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Cyberattacks on the Rise 

As someone who has information security on their radar, you’ve probably noticed a real upswing in news stories about hacking. In addition to a recent attack on New York City subway system, hackers have also gone after transportation systems in Sacramento, Philadelphia, San Francisco, and Ft. Worth.  

Clearly, there are bad actors out there seeking to exploit vulnerabilities. 

Why Are Cyberattacks Happening so Often? 

These attacks happen for a variety of reasons. In some instances, the hackers use ransomware to extort money. That was the case with a recent hacking of a pipeline. They may also be in search of company secrets, customer data, or financial information. 

 In the case of the New York City subway attack, the reasons aren’t immediately clear. The group involved appears to be connected to the Chinese government. The motivation could be from the country’s interest in controlling the rail car market. There’s also speculation that this incident could have simply been a test of vulnerabilities in the transit system or even a simple mistake on the part of the hackers. 

Who is Vulnerable to These Attacks? 

The truth is that any entity is a potential target for attack. For every newsworthy incident of a data breach or other security attack, there are dozens more that don’t make the news. Businesses often store sensitive personal and financial data, as well as corporate secrets. Even on a small scale, these things are attractive to cybercriminals. 

 Worse, once an attack has occurred, any response to it is often reactionary. Data has already been exposed. Cleaning up the resulting mess can cost millions of dollars, affect the reputation of a company, and even expose a business to liability. 

How Technology Can Help 

The good news is that there are also thousands of incidents in which hackers are blocked by security software and other protections that work as they should. And, in many cases, managed security services have successfully prevented damage from being much worse than intended. 

How Do Managed Security Services Protect Businesses from Cyberattacks? 

Gas pipelines, government transportation agencies, and major corporations eventually recover from these attacks. That’s because they have the financial resources to absorb the damage, pay ransomware demands, and get their systems back online. 

 The difference is that small and medium businesses don’t have those resources. A cyberattack could quite literally cause the demise of a small business. Worse, the majority of internet attacks are targeted at small businesses. Many of the small businesses that are attacked don’t survive the incident. 

 Prevention is key, but there are still challenges to be faced. Hackers are becoming more sophisticated all the time. Unfortunately, the same small businesses that cannot survive in the aftermath of a breach usually can’t afford to build their own cybersecurity defense systems. Cybercriminals know this and they are all too eager to exploit that weakness. 

 It’s also burdensome for small businesses to invest a significant amount of time and money in designing and executing an internally managed cybersecurity protection plan. That is why so many small businesses opt to use managed security services. 

How Do Managed Security Services Work? 

Managed security services provide organizations with a full suite of data protection tools. This includes continually monitoring for vulnerabilities, installing security updates, configuring antivirus software, conducting penetration testing, conducting audits, and otherwise ensuring that a company’s systems are fully protected and monitored 24/7. 

 Here are some of the features that may have helped the NYC MTA to prevent the cyberattack from being much worse. These are also the protections that small businesses can expect from a managed security service. 

Intrusion Detection 

An intrusion detection system monitors for both internal and external attempts to access information without authorization. This includes hacking attempts. It also includes internal efforts to get around security policies. 

Firewalls 

A next-generation firewall provides all the protections that come from standard firewalls, along with additions such as app-awareness and cloud-based threat intelligence. It integrates with intrusion prevention and detection software to ensure that nothing enters or leaves a network that isn’t supposed to. 

Intrusion Protection 

This is a rules-based security protocol that springs into action when it encounters predefined behaviors in network traffic. This offers real-time protection from things such as cross-site scripting (XSS) or denial of service attacks. 

Vulnerability Testing 

This is often referred to as ethical hacking. Security professionals deploy a variety of attacks to identify weaknesses and other issues that leave networks exposed. There are also software packages that can be used for this testing. 

Industry-Based Compliance Consulting 

These services assist businesses in their efforts to comply with network and data security regulations set by the government and industry authorities. 

Antivirus Protection 

A managed security service will ensure that top-of-the-line antivirus software is installed and kept up to date in order to detect, block, and eradicate viruses, malware, and other threats. 

Off-Site Backups 

Businesses that have their data backed up, encrypted, and stored off-site are protected from ransomware and crypto-locker attacks. This is simply because it takes away the power of attackers to hold information hostage. 

End-User Training 

In this case, a true hacking attempt was behind the attack on the NYC subway system. The same appears to be true for the pipeline incident and other major events. However, many of the attacks that are launched against businesses are actually caused by employee errors.  

 End users can accidentally or maliciously make systems vulnerable by: 

  •  Accessing sensitive data on public networks. 
  • Using poor password management techniques. 
  • Downloading or installing unauthorized software. 
  • Transmitting data without taking steps to protect it. 
  • Falling victim to pretext calling and other forms of social engineering. 

 A bit of education can go a long way in mitigating this. 

Customization 

Customization is one of the key benefits of a managed services provider. In addition to using the skills of a dedicated service provider, these solutions are customized according to the needs of the small business. 

Final Thoughts 

As citizens, everyone should be concerned about cyberattacks on major entities. It is alarming that these are happening with such frequency and even more shocking that foreign governments may be involved in at least some of these attacks.  

With that being said, these issues also highlight how important it is for small to medium-sized businesses to implement protections now. 

More To Explore

Let's Chat
Let’s have a conversation, we’d be happy to provide some honest guidance.