We know the stories: Some company, hospital, school or individual gets hit with a ransomware attack, which shuts down its computer system. It then must pay the criminals to get access to the system again or pay a lot of money reloading and restarting literally everything.
These aren’t teenagers hacking corporate systems to show off their skills. They aren’t random criminals working from home late at night. They are professional businesspeople, with corporate offices, cars and planes. They are organized crime in a way the world has never seen.
And increasingly, cybercriminals are protected or subsidized by foreign governments. One could make a case that we are at war. But instead of bombs and bullets, it’s a war of bits and bytes.
Compared to mafia-style crimes such as extortion schemes, counterfeiting and the global drug trade, cyber crime is the best thing to happen to organized crime.
The size of the prize is global because, unlike other forms of crime, where only a small percentage of the population is at risk, every citizen in any modern economy depends on technology for everything. That includes the local police department, hospitals, traffic light system, even local utilities – all have been hit with successful attacks in the last few years.
Many paid ransoms to the cyber criminals (and kept it quiet) because it was cheaper than restarting. Or the data was so precious (medical history records) that it would have been impossible to continue services without paying.
This kind of war is efficient. Never before has it cost so little to do so much damage. And the spoils of war come immediately. One doesn’t have to destroy an enemy’s capital; every successful attack pays.
This cyber war kills, too. In 2020, a German woman died after being unable to receive urgent care at her nearby hospital because it had been hit by a ransomware attack. Who knows how many traffic accidents, hospital errors, and failed police prosecutions have resulted in deaths because computer systems were vulnerable, or employees clicked where they shouldn’t have?
And if we want to see what happens when the war escalates, look at Ukraine. State-sponsored cyber attacks caused chaos in every public and private sector, crippling the country even before Russia invaded.
The best thing we can do in our industry – the patriotic thing – is to not let ourselves be victims in the first place. There are simple things we can do to harden systems and train employees to make an attack unlikely. Or in the event of an attack, to ensure there is a recovery plan, so no ransom is paid.
The Independent Grocers Alliance offers training for associates on cyber crime and how to avoid risky online choices. We make it free to all independent grocers, IGA members or not. We also have a preferred partner who offers a low-cost analysis and remediation program for IGA and non-IGA stores, to help harden systems, and limit the risk of attack.
I don’t fault any business for weighing whether to pay. Economic risk in our business is greater than buying new software. If we shut down, for days on end, the lost sales could cripple not just us, but the nutritional well-being of communities.
But each time we pay, each time an American business sends a cryptocurrency bribe to get their computer back, we arm the enemy. Imagine a World War II bomber dropping its bombs, only to return to the base with more than it had when it took off.
Do this. Contact a cyber security firm today. IGA’s partner is smart and scaled for the independent grocery industry.
But whether going with them or another credible expert, do it now. It’s surprisingly easy to dramatically lessen the risk. And less expensive.
Don’t use COVID out-of-stocks or labor shortages as justification for dealing with this later. Do it today. After all, war waits for no one.
For more information, visit iga.com/about.