Ran­somware - a busi­ness owner’s guide

Monthly Chronicle - - Business & Personal Finance - Eric Tong Eric Tong is the owner of First Class Ac­counts Ep­ping and Wise­pro.net.au.

Who could for­get Wan­naCry?

The in­fa­mous and in­sanely de­struc­tive Wan­naCry at­tack that hit glob­ally in May 2017 was one of the most dam­ag­ing cy­ber­at­tacks of re­cent times. Wan­naCry will go down in his­tory for how rapidly it in­flicted dam­age, tak­ing more than 200,000 PCs hostage in over 150 coun­tries and cash­ing in over US$140k in Bit­coin.

Ran­somware in­ci­dents like Wan­naCry or Petya tar­get­ing busi­nesses are not un­com­mon. Aus­tralian busi­nesses are among the top 10 coun­tries im­pacted by ran­somware. The min­is­ter as­sist­ing the Prime Min­is­ter for cy­ber se­cu­rity, Dan Te­han said: “Small busi­ness own­ers should be proac­tive about their cy­ber se­cu­rity in the wake of this ran­somware cam­paign af­fect­ing com­put­ers around the world.”

What is Ran­somware?

Ran­somware is a type of com­puter mal­ware that pre­vents or lim­its users from ac­cess­ing their files or com­put­ers by lock­ing or en­crypt­ing them. In­fected com­put­ers of­ten dis­play mes­sages to de­mand the vic­tim to pay the ran­som with the av­er­age of about $400.

Ran­somware ex­ecu­tors started prey­ing on in­di­vid­u­als but have since be­come a huge threat to Busi­nesses as well. Small busi­nesses, large cor­po­ra­tions and gov­ern­ment agen­cies were among the vic­tims who gave in to ran­som de­mands. But there’s no guar­an­tee that you can get back ac­cess to your files or com­put­ers even if you do pay the ran­som.

How did I get in­fected?

The most com­mon source of com­puter in­fec­tion is through spam emails such as ma­li­cious ad­ver­tise­ments or scams pur­port­ing to be from le­git­i­mate or­gan­i­sa­tions such as Aus­tralia Post, a bank or a util­ity provider. They can trick peo­ple into down­load­ing mal­ware at­tach­ments or link­ing to a ma­li­cious web­site that looks just like a le­git­i­mate site.

An emerg­ing trend now is for some ran­somware to also con­tain worm-like ca­pa­bil­i­ties and spread across net­works to other sys­tems in­clud­ing mo­bile de­vices. It won’t be long be­fore new forms of ran­somware dead­lier than Wan­naCry and Petya ap­pears.

Lay­ers of de­fence against Ran­somware

1.The first de­fen­sive layer is timely soft­ware patch­ing and com­pre­hen­sive backup rou­tines. Lat­est ver­sion soft­ware gets se­cu­rity up­dates sooner, and one should turn on au­to­matic up­date func­tions such as “Win­dows Up­date” or “Au­to­mat­i­cally check for up­dates” on Mac.

The smaller the win­dow of op­por­tu­nity for cy­ber­crim­i­nals, the less likelihood of be­ing af­fected. Backup to off­line stor­age such as por­ta­ble hard-drive and network at­tached stor­age reg­u­larly can iso­late and con­tain in­fec­tion prop­a­ga­tion from af­fect­ing im­por­tant files. 2. The next layer is an­ti­ran­somware tech­nolo­gies like anti-virus soft­ware and uni­fied threat or se­cu­rity man­age­ment (UTM/USM) de­vices. They can of­fer pro­tec­tions such as fire­wall, in­tru­sion preven­tion, gate­way anti-virus/anti-spam, con­tent fil­ter­ing and VPN or Vir­tual Pri­vate Network.

Ven­dors spe­cial­is­ing in cy­ber se­cu­rity can pro­vide timely sig­na­ture data­base up­date against lat­est threats. 3. Hu­man is the last and most im­por­tant layer. Proper train­ing and staff aware­ness are es­sen­tial. All tech­nolo­gies can only func­tion to their full po­ten­tial with pro­fes­sion­ally trained peo­ple. Af­ter all, you wouldn’t want your front door kept open even though you have the best alarm and sur­veil­lance sys­tems in­stalled at home.

Fi­nal ad­vice

This lat­est at­tack is a wakeup call to busi­nesses that de­fend­ing against cy­ber­at­tacks isn’t just about spend­ing money on some flash­ing boxes and al­lo­cat­ing the min­i­mum bud­get pos­si­ble to se­cu­rity. Busi­ness own­ers need to be proac­tive with the lay­ers of de­fence in or­der to pro­tect their busi­ness and em­ploy­ees against ran­somware threats.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.