How to prevent a ransomware attack on your business
Many of us hear the term Cyber Risk and automatically assume it is a risk isolated to the big end of town. Yes, the attacks on the big end of town are the most heavily publicised, but when it comes to Cyber Risk, the approach of “This will never happen to me” is dangerous and leaves thousands of small to medium businesses hopelessly exposed to compromise. The recent global attack from WannaCry is a prime example that, when it comes to cybercrime, anyone is fair game.
In a study conducted last year, security advisers Symantec concluded that more than fifty per cent of the world’s cybercrime was directed at businesses with fewer than 250 employees. Locally, stories abound of the unsuspecting GP or dentist arriving at their surgery for a day’s work to find that their patient database has been compromised and held to ransom.
These attacks are now becoming common fare, and happen in our community daily…
Why the focus on small to medium business?
In our experience, this is due to:
- Resources: bigger corporations have the resources to constantly improve their internet security systems.
- Complacency: most organisations believe that having updated anti-virus, a retail-purchased firewall and security-patched office machines is enough to ensure they’re protected. Cybercrime tutorials available through internet search engines and social media sites provide direction on how to compromise these systems.
- The bigger prize: although smaller businesses obviously have less data to steal, their lack of effective security can act like a secret passage into the bowels of the larger companies they work with.
Is this risk going away?
Absolutely not. Cybercrime is big business and one of the fastest growing industries in the world.
Cybercrime is a business just like any other. When the internet first emerged, viruses and trojans were simply a way to cause business interruption and damage. Today, they are the tools of a business whose focus is on maximising returns by exploiting the vulnerabilities of its targets.
Cyber criminals now offer products for purchase, including software developer starter kits, allowing someone to download the code they need to directly attack you. While these attacks are sophisticated, using these tools certainly does not require the genius computer whiz it once did.
Not only do these professional hacking businesses offer software development kits, they also offer help desk services to ensure you are able to code your own variant. They will also provide assistance in deploying it and ensuring the hack is successful. If that wasn’t enough, your local friendly hacking professional will probably now also have a multi-lingual help desk to ensure that the victims of the hack have the support they need to pay the attacker. Unfortunately, this is a risk that is expanding at such a speed that legislators and regulators are unable to keep pace.
How can you protect yourself?
The key is to understand your own security posture and begin looking at ways to move from the legacy approach of ‘detect and repair’ to one of ‘monitor and respond’.
- Understanding your own risk profile. This is key to selecting the right tools to protect your organisation;
- Auditing and analysing your environment to ensure your potential as a target is minimised; and
- Considering every aspect of your organisation’s digital profile, from website infrastructure security auditing through to governance, risk and compliance, and assessing not only your digital presence but also the policies and procedures required to respond to a threat.
PKF’s cyber security arm, Cecuri, have the expertise to guide you through this potentially complicated world of emerging threats by.
If you have any questions in relation to this emerging area of risk, please contact me for more information.