SAN ANTONIO – A wave of cyber attacks has hit two major targets — the Clorox Company and two Las Vegas casinos and resorts, placing them on the frontlines of a digital battle.
Max Kilger, a professor of practice at UTSA’s Alvarez College of Business, understands what’s at stake when a cyber attack is successful. He said a company’s data and IT systems are the most valuable assets.
“If you don’t protect them, you could suffer some severe financial losses. You could even have the company be taken down,” Kilger said.
San Antonio, while not directly impacted by the attacks, remains vigilant.
“We have NSA Texas here. We have a lot of high-tech companies here that both deal in cybersecurity as well as rely upon cybersecurity to keep their companies and their data safe,” said Kilger.
As a reminder, Kilger said cyber threats can affect anyone at any time and recommends changing passwords often for each account and not clicking on suspicious URLs, emails or messages.
For organizations, one of the things he emphasizes is spending more money on cybersecurity.
“Only maybe about anywhere from 7% to maybe 12% or 13% of IT budget for a company is spent on cybersecurity, and that’s not nearly enough,” said Kilger.
He said companies often bring in experts to negotiate ransomware demands, but he warns of risks.
“So even if you actually pay the ransom, there’s, you know, maybe only a 50% chance that they’ll actually give you the key to decrypt your data and bring your systems back online,” said Kilger.
He said some law enforcement agencies discourage people from paying the ransom.
“If you pay it often, that tells the cybercriminal, ‘Oh, these guys are willing to pay.’ And, of course, sometime later, they will hit you again,” said Kilger.
Kilger said the cyber attack at the MGM in Las Vegas was most likely a social engineering attack.
“And that’s actually very common because humans are often one of the weakest links in cybersecurity. They basically called up and said, ‘Oh, hey, you know, we need to change all of the two-factor authentication settings for these senior administrators.’ And they did that, and that was how they got in,” said Kilger.
Kilger says Clorox, MGM and Caesars Palace will more than likely launch a cyberforensic analysis to learn how the hackers got in, what techniques they used, and who could be responsible.