Over the years, the world has watched the news unfold of massive cyber attacks that have financially wreaked havoc on

companies and their employees. From the Sony Pictures Entertainment breach to the Colonial Pipeline hack that had everyone scrambling to fill their tanks, everyone has seen the impact of cyber attacks on larger organizations; small companies, however, are at risk, too.

Jerry Bessette, the senior vice president of Booz Allen Hamilton and leader of BAH’s Incident Response Program who is based in Fayetteville, has seen many well-known attacks firsthand, and urges companies to prepare themselves.

Prior to joining BAH in 2019, Bessette spent 24 years with the FBI as an agent and retired as the senior executive of the cyber division. He managed the cyber incident response team and served as the executive manager of the investigation into the North Korean attack on Sony Pictures Entertainment and the breach of the U.S. Post Office to name just a couple.

Whether in Fayetteville, across the state, across the nation or worldwide, Bessette sees ransomware as one of the biggest threats to companies.

“There are so many groups out there …We see these large ransomware attacks on huge corporations in the news and … that emboldens every other criminal out there to want to get in on that,” Bessette explained. “Whether a company is small, medium-sized, or extremely large, they are at risk of becoming the victim of a ransomware attack and having their networks encrypted and having critical information stolen from them. They really need to be prepared for that and think that it’ll never happen to them. Unfortunately we see that happening to all companies, small to large.”

Particularly, Bessette says that BAH sees a concentration of cyber attacks in five sectors: financial, retail, manufacturing, construction

and healthcare.

“When you take all the industries that are victims of ransomware attacks and plot them out on a bar graph, those five business

verticals really stand out,” Bessette said. “The reason they do is because, if you conduct a ransomware attack against people who operate in those areas, you can cause the most day-today operational impact.”

The goal of ransomware attackers is to create a sense of fear and panic within a victim organization so that the company sees that the only way out is through a payment. 

“But it’s really not the case. That’s not true,” Bessette said.

If a company has cyber insurance, paying the ransom might look like a more viable path to some companies. While Booz Allen Hamilton leaves that decision up to their clients and doesn’t make a recommendation on whether to pay or not, Bessette has an opinion from his history with the FBI.

“I wish not a single company would ever pay again. But unfortunately, I know that’s not true because companies are still failing to do the

basics and finding themselves in a situation where they are severely challenged and there is a huge financial impact and they come to the

realization that … they’re going to make a business decision to make a ransom payment to get their network back, to bring the corporate systems back online,” Bessette said.

So, what can businesses do to protect themselves? Bessette explained that the same tricks are being used to hack into companies that have been used for a long time, and that putting security measures in place before an attack is key.

“I often use the analogy that …ransomware hackers, if they were a car thief, and they were going to go to the mall parking lot and intend on breaking into a car, you could buy or develop a sophisticated lock-picking technique and place it up against the side of the car and quickly be able to unlock the car door,” Bessette said. “You could bring a hammer and do it the old-fashioned way and smash the window. Or, you could simply walk down one of the long rows of cars at the mall and if you check 20 or 25 car doors, odds are someone’s going to have forgotten to lock their car. Unfortunately, that’s really the case in today’s environment…The hackers are still using those tried and true techniques.”
 

People need backups that aren’t connected to their networks, Bessette says. He also encourages businesses to have multi-factor authentication enabled; an endpoint detection and response program in place, which is a software deployed at the endpoint level so if someone does click on something they should not, it will be killed and an alert will be sent; email filtering; and patching.

Bessette said that some companies suffer large ransomware attacks, and they actually have tools on their networks that notified of the attack, but nobody looked at the tools.

“Could’ve saved them tens of millions of dollars,” Bessette said.

Booz Allen Hamilton can help people process what their technology can do and make sure the proper measures are in place to prepare for a ransomware attack. They do this by monitoring their clients’ networks, helping to establish policies and procedures for managing cybersecurity and testing to make sure the tools in place are accomplishing their intended purposes.

BAH also made another big move for boosting their cybersecurity services through their acquisition of Tracepoint, a digital forensics and incident response leader, which they announced on Sept. 13. In 2022, BAH will integrate their commercial business with Tracepoint.

“Tracepoint has an exceptionally qualified team with strong brand recognition in the DFIR market and extensive relationships in its core sectors to expand our commercial offering and accelerate our growth,” said Bill Phelps, executive vice president and leader of Booz Allen’s commercial business, in the press release. “Booz Allen has decades of experience working across the most significant breaches and clients and will provide strong foundations from which we can continue to grow and expand our business. We are

thrilled to enter the market together as partners,” said Chris Salsberry, Tracepoint’s chief executive officer, in the release.

Although the possibility of a ransomware attack may seem out of reach or intimidating, Bessette assures that taking the time in

advance to put systems in place, whether utilizing BAH’s tools or by carefully analyzing security measures independently from the tech giant, is worth it. 

“You have to plan… and a little preparation goes a long way in helping companies respond to these attacks,” Bessette said.