A
PHA T0M N
M3NACE
OPENING A SINGLE EMAIL CAN PUT SMALL BUSINESSES AT RISK AS CYBERATTACKS ZERO IN ON EMPLOYEES WORKING REMOTELY DURING THE PANDEMIC .
By Jared Lindzon / Illustrations by Mark Pernice
THE ATTACK BEGAN ON THE MORNING OF APRIL 19 .
The internal monitoring systems at financial software provider
Wave Accounting alerted staff that some of its services were being disrupted . Someone was flooding the system with requests in an attempt to render the company ’ s offerings unavailable in what ’ s known as a “ distributed denial-of-service ” ( DDoS ) attack .
Within minutes , nearly every one of Wave ’ s 280 employees was engaged to contain the damage , inform customers , and rout out the attack .
“ It was pretty much all hands on deck ,” explains Ideshini Naidoo , the company ’ s chief technology officer , adding that Wave had to work around the added challenge of not being physically together while mounting its defense .
Fortunately Naidoo and her team were already on the lookout . As the coronavirus spread chaos and disorder around the world , and as aid packages were offered to help small and medium-size businesses ( SMBs ) in the United States , cybersecurity experts
warned that attacks would spike .
“ Attackers have this really good opportunity to send a phishing email that says , ‘ Hey , you can get PPE like masks by clicking here ,’ and off you go providing details you shouldn ’ t ,” Naidoo says . “ Or , people appeal to the humanitarian side , saying , ‘ Click here to make a charitable donation to support healthcare workers .’ People are falling for those phishing attacks .”
In the end , Wave ’ s services were only down intermittently over a few hours . Had the attacker been more sophisticated , or had the company been less prepared , Naidoo says it could have caused significant damage .
“ A DDoS attack is a serious concern ,” she says . “ It can take you out , and if a small business ’ s services are not available to their customers , that ’ s it , you ’ re not making any revenue , and you have potential reputational risk .”
HP / INNOVATION / FALL 2020 59