[BreachExchange] Don’t Let Hackers Hold Your Business To Ransom
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Sep 20 19:37:30 EDT 2016
http://www.huffingtonpost.co.uk/jeremy-bergsman/dont-let-
hackers-hold-you_b_12084092.html
Computer hackers are an industrious bunch. The cyber-attacks they stage are
constantly changing, and are a rapidly-growing security threat to
businesses of all sizes. Aside from regulatory and economic risks,
ransomware attacks are probably the most frustrating and frightening
attacks companies currently face as they can affect everyone with a
computer or smart-phone.
Ransomware - a malicious software that can be sent via email and locks up a
company’s valuable data until a sum of money is paid - has the potential to
cripple an organisation with very little warning. An entire IT network can
be infected and frozen simply by an unsuspecting employee downloading an
affected file or clicking on a suspicious email link, creating a connection
point for cybercriminals to access company network drives in a matter of
minutes.
What happens next is more alarming. Through these connection points,
computer hackers can target data that is critical to the organisation,
encrypt it, and extort it for money. Forced to pay the ransom fee, the
victim firm is then reliant on the hacker providing the encryption key to
unlock and retrieve the information. Payment is typically demanded in
Bitcoins to anonymise transactions, preventing the perpetrators from be
tracked.
To give a sense of scale to the cybercrime, 47% of NHS Trusts, 51 police
forces, multiple businesses and six-in-ten universities in England have
been successfully targeted by ransomware in the past year.
Dangers of surrendering to ransomware
Companies usually have two options when faced with a ransomware attack: pay
up, or shut down their systems.
Most organisations opt to pay the ransom in the hope that the cyber
criminals will deliver the encryption key to release the data, which is why
more businesses are stockpiling Bitcoins. Others try to dismantle their
networks in the hope that they can neutralise the virus before it spreads
to other parts of the organisation.
However, neither approach is a guaranteed fail-safe. A recent study showed
that two-thirds of companies falling victim to an attack have surrendered
and paid up. But paying the ransom only leaves companies vulnerable to
future attacks and perpetuates the threat cycle. And disconnecting
enterprise systems creates downtime and disruption costing businesses far
more than the price of the ransom.
How to combat ransomware attacks
Ransomware is just one example of advanced persistent cyber-threat that
firms face. Rather than waiting for an attack, companies should take these
four steps to reduce the threat ransomware poses to firms.
1. Support the front-line defence. Raise employee awareness to minimise
cyberthreats, especially those threats that require user action, like
clicking on a bad link or downloading an infected file, to be activated.
Train employees on cybersecurity practices to guard the organisation. Show
them what to look out for and run mock phishing exercises, and provide a
mechanism for reporting suspicious activity.
2. Secure systems. Back-up all data in real-time, as well as in daily and
weekly increments to both an external hard drive and the cloud. Separate
your back-up drives from the network and ensure that at least one of these
back-ups is to a secure remote location. This means that information assets
can be recovered if ransomware strikes.
3. Test for, and combat vulnerabilities. Keep all software, operating
systems and applications up to date will provide some protection. But IT
teams should also frequently perform penetration testing and application
security assessments. This will identify areas of weakness and help
prioritise IT assets that need to be upgraded or strengthened to prevent
cyberattacks.
4. Scenario planning and response. Prepare for the most likely and
highest-impact attack scenarios in advance. To do this, business leaders
need to understand how company’s operations will be affected, and what
response and action the firm will take in each case. If a successful attack
is carried out, companies also need an effective communication strategy in
place to inform staff and external stakeholders of a ransomware attack to
minimise damage.
Given their potential profitability, ransomware attacks will only increase
in volume and complexity. Whilst no company can be guaranteed a safe path
against ransomware, companies can implement a strong deterrence policy to
avoid being held to ransom.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160920/345c7a54/attachment.html>
More information about the BreachExchange
mailing list