Published 01/09/2016 | 11:40
It's impossible to overstate the gravity of one of the most troubling threats in information security: ransomware, where attackers lock a victim's files or even whole networks, and release these assets only when a ransom is paid.
Of all the research reports that cross my desk, those warning of the scale and cost of the ransomware threat seem to be the most numerous.
Cisco just devoted its midyear Cybersecurity Report to ransomware and its evolution, and as I was working on this article, I received Barkly’s report, Ransomware by the Numbers, which said categorically that ransomware is now the primary payload for phishing emails and exploit kits: “It's safe to say that if an employee at your company gets infected by something, chances are it's going to be ransomware.”
With more than 700,000 users a year now falling victim to encryption ransomware – being locked out of their own systems and files by an attacker’s encryption attack – it’s imperative that CIOs take action to manage the risks this threat poses to their businesses. The steps below may sound basic, but they are the essential starting point for any security strategy.
Better ransomware protection in three steps
1) Awareness, on individual and corporate level
Have you educated all users in your organisation about the danger of clicking on unknown attachments or visiting websites they’re unsure of? Phishing attacks continue to increase in sophistication, luring even experienced users into clicking links they shouldn't. Perhaps you’ve warned users already – but you need to check when you last did so, and share with them the latest information about the growing danger and make sure they are fully aware about best practices and the company’s policies. The importance of continuously educating your user base can’t be overemphasised. Have you set corporate policies for web access, e-mail usage & data backup? You never know: this data backup policy may be your only way to recover your data in the future.
2) Investigate your options for defence
Solutions like Advanced Threat Protection help safeguard your business by detecting and running any suspicious executable files in a sandbox -- a sealed-off area separate from your network -- to neutralise threats before they reach your systems. Your IT partner should be able to give you more details.
3) Monitor your systems
Do you monitor your systems for alerts or signs of attack? A spike in data transfer rates happening after hours is suspicious and should prompt further investigation. Keeping a close eye on your systems, and being able to receive an alarm if any suspicious systems or network activity is detected, will give you an opportunity to respond and begin mitigation before things get out of control. Your IT partner should be able to give you more details.
Small organisations are also at risk
My security colleagues at eir speak to businesses in a wide range of industries, from healthcare to the legal profession to financial services. While larger organisations in these sectors have taken significant steps to protect their networks and their data, SMEs can be slower to recognise the threat – perhaps because they believe they are not large or attractive enough targets.
This way of thinking is a mistake. Any organisation is at risk, and if your organisation is in the financial services, healthcare or legal sector, the threat is likely even higher. A small dentist’s or solicitor’s office may in fact be a prime target: an attacker after the most sensitive personal information will know that this kind of data resides in (and may be more accessible on) the networks and systems of these smaller, local providers.
The European Union has just passed its first ever piece of EU-wide legislation on cybersecurity, the NIS Directive. Read here what the NIS Directive can mean for your organisation. Even if your business is not in one of the mission-critical sectors where the EU wants to enforce stronger security practice (energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure), it’s important to realise that the NIS Directive sets a new tone for the conversation about information security in Ireland and every other Member State.
What are your company's plans to ensure that sensitive company and customer details aren't exposed to risks like encryption ransomware? At the very least, it's important to schedule a talk with your IT partner to assess your vulnerabilities, your overall exposure and available options to effectively protect and monitor your systems.
Waiting until after the attack happens is not an option.
Hisham Marzouk is Head of Network Security Services for eir. For more information about eir's upcoming suite of expanded security services, contact email@example.com. If you would like to read more blog posts about security issues visit the eir Business blog